--- conf/httpd.conf-dist.orig	Wed Feb  4 21:42:51 1998
+++ conf/httpd.conf-dist	Thu Apr  9 11:59:01 1998
@@ -7,6 +7,8 @@
 
 # Originally by Rob McCool
 
+# apache-SSL specific configuration added by Andreas Klemm <andreas@FreeBSD.ORG>
+
 # ServerType is either inetd, or standalone.
 
 ServerType standalone
@@ -14,9 +16,73 @@
 # If you are running from inetd, go to "ServerAdmin".
 
 # Port: The port the standalone listens to. For ports < 1023, you will
-# need httpd to be run as root initially.
+# need httpsd to be run as root initially.
 
-Port 80
+#
+# SSL specific configuration
+#
+
+# Secure server defaults to port 443
+Port 443
+
+# Bind apache to portnumbers for normal and secure operations
+Listen 80
+Listen 443
+
+# disable ssl on normal webserver port
+<VirtualHost @@SERVERNAME.DOMAIN@@:80>
+SSLDisable
+</VirtualHost>
+
+SSLCACertificatePath /usr/local/certs
+SSLCACertificateFile /usr/local/certs/cert.pem
+SSLCertificateFile /usr/local/certs/cert.pem
+
+# If the key is not combined with the certificate, use this directive to
+# point at the key file. If this starts with a '/' it specifies an absolute
+# path, otherwise it is relative to the default certificate area. That is, it
+# means "<default>/private/<keyfile>".
+#SSLCertificateKeyFile /some/place/with/your.key
+
+# Set SSLVerifyClient to:
+# 0 if no certicate is required
+# 1 if the client may present a valid certificate
+# 2 if the client must present a valid certificate
+# 3 if the client may present a valid certificate but it is not required to
+#   have a valid CA
+SSLVerifyClient 0
+# How deeply to verify before deciding they don't have a valid certificate
+SSLVerifyDepth 10
+
+# Translate the client X509 into a Basic authorisation. This means that the
+# standard Auth/DBMAuth methods can be used for access control. The user name
+# is the "one line" version of the client's X509 certificate. Note that no
+# password is obtained from the user. Every entry in the user file needs this
+# password: xxj31ZMTZzkVA. See the code for further explanation.
+SSLFakeBasicAuth
+
+# A home for miscellaneous rubbish generated by SSL. Much of it is duplicated
+# in the error log file.
+SSLLogFile /tmp/ssl.log
+
+# Set the path for the global cache server executable.
+# If this facility gives you trouble, you can disable it by setting
+# CACHE_SESSIONS to FALSE in apache_ssl.c
+SSLCacheServerPath @@PREFIX@@/libexec/gcache
+
+# Set the global cache server port number
+SSLCacheServerPort 1234
+
+# Set the session cache timeout, in seconds (set to 15 for testing, use a
+# higher value in real life)
+SSLSessionCacheTimeout 15
+
+# Custom logging
+CustomLog   /var/log/apache-ssl.log "%t %{version}c %{cipher}c %{clientcert}c"
+
+#
+# EOF SSL specific configuration
+#
 
 # HostnameLookups: Log the names of clients or just their IP numbers
 #   e.g.   www.apache.org (on) or 204.62.129.132 (off)
@@ -33,7 +99,7 @@
 #  On HPUX you may not be able to use shared memory as nobody, and the
 #  suggested workaround is to create a user www and use that user.
 User nobody
-Group #-1
+Group nogroup
 
 # The following directive disables keepalives and HTTP header flushes for
 # Netscape 2.x and browsers which spoof it. There are known problems with
@@ -52,7 +118,7 @@
 # mounted filesystem then please read the LockFile documentation,
 # you will save yourself a lot of trouble.
 
-ServerRoot /usr/local/etc/httpd
+ServerRoot /usr/local/etc/apache-SSL
 
 # BindAddress: You can support virtual hosts with this option. This option
 # is used to tell the server which IP address to listen to. It can either
@@ -64,21 +130,25 @@
 # ErrorLog: The location of the error log file. If this does not start
 # with /, ServerRoot is prepended to it.
 
-ErrorLog logs/error_log
+ErrorLog /var/log/httpd-error.log
 
 # TransferLog: The location of the transfer log file. If this does not
 # start with /, ServerRoot is prepended to it.
 
-TransferLog logs/access_log
+TransferLog /var/log/httpd-access.log
+
+#LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
 
 # PidFile: The file the server should log its pid to
-PidFile logs/httpd.pid
+PidFile /var/run/httpsd.pid
 
 # ScoreBoardFile: File used to store internal server process information.
 # Not all architectures require this.  But if yours does (you'll know because
 # this file is created when you run Apache) then you *must* ensure that
 # no two invocations of Apache share the same scoreboard file.
-ScoreBoardFile logs/apache_status
+ScoreBoardFile /var/run/apache_runtime_status
+
+LockFile       /var/spool/lock/accept.lock
 
 # ServerName allows you to set a host name which is sent back to clients for
 # your server if it's different than the one the program would get (i.e. use
@@ -183,10 +253,10 @@
  
 #<VirtualHost host.some_domain.com>
 #ServerAdmin webmaster@host.some_domain.com
-#DocumentRoot /www/docs/host.some_domain.com
+#DocumentRoot /usr/local/www/host.some_domain.com/data
 #ServerName host.some_domain.com
-#ErrorLog logs/host.some_domain.com-error_log
-#TransferLog logs/host.some_domain.com-access_log
+#ErrorLog /var/log/host.some_domain.com-error_log
+#TransferLog /var/log/host.some_domain.com-access_log
 #</VirtualHost>
 
 
