Package: apache2-common Severity: normal The contents of the default ssl.conf are not sufficient to allow the establishment of an https connection. /usr/share/doc/apache2/examples/ssl.conf.gz contains a very near complete sample ssl.conf, and requires only minimal changes to make it functional. It seems to me that this example ssl.conf should be installed by default.
If the intention is not to fully enable ssl by default, then perhaps an apache2-ssl package could be created to handle ssl. As for the parts of the sample ssl.conf which need to be changed, the only critical change is to specify the correct file for SSLCertificateFile. This should, by default, point to the certificate file created by apache2-ssl-certificate. The only other potential changes are DocumentRoot, ServerName ServerAdmin, ErrorLog, and TransferLog. All of these could be commented out in ssl.conf, as they have probably been set elsewhere. Charles -- System Information: Debian Release: testing/unstable Kernel: Linux frogcircus.org 2.4.25-5um #5 Thu Feb 19 14:29:11 EST 2004 i686 Locale: LANG=en_US, LC_CTYPE=en_US
