[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 12/156: Changed function and configuration names so mod_nss can peacefully co-exist with mod_ssl.

Timo Aaltonen tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:22 UTC 2014


This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit 102486d90b09d87c7666d70bfb0d01a564868d67
Author: rcritten <>
Date:   Tue May 31 14:32:42 2005 +0000

    Changed function and configuration names so mod_nss can peacefully
    co-exist with mod_ssl.
---
 Makefile.am                          |  20 +-
 Makefile.in                          |  32 +-
 TODO                                 |   3 +-
 migrate.pl                           |  78 +++-
 mod_nss.c                            |  92 +++--
 mod_nss.h                            | 128 +++----
 modules.mk                           |   4 +-
 nss_engine_config.c                  |  99 +++--
 nss_engine_init.c                    | 175 ++++-----
 nss_engine_io.c                      | 130 +++----
 nss_engine_kernel.c                  |  60 +--
 nss_engine_log.c                     |   8 +-
 nss_engine_pphrase.c                 |  36 +-
 nss_engine_vars.c                    | 126 +++----
 nss_expr.c                           |  53 +--
 nss_expr.h                           |  55 ++-
 nss_expr_eval.c                      | 142 ++++----
 ssl_expr_parse.c => nss_expr_parse.c | 682 +++++++++++++++++------------------
 ssl_expr_parse.h => nss_expr_parse.h |   4 +-
 ssl_expr_parse.y => nss_expr_parse.y |  74 ++--
 ssl_expr_scan.c => nss_expr_scan.c   | 176 +++++----
 ssl_expr_scan.l => nss_expr_scan.l   |  37 +-
 nss_util.c                           |  30 +-
 23 files changed, 1102 insertions(+), 1142 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e12422d..8de5b22 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,7 +6,7 @@ bin_PROGRAMS = nss_pcache
 nss_pcache_SOURCES = nss_pcache.c
 
 ## Define the source file for the module
-libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c
+libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c
 
 ## Set the includes and libraries needed
 INCLUDES = -I at apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@
@@ -58,17 +58,17 @@ install-binPROGRAMS: $(bin_PROGRAMS)
 	@echo "**********************   NOTE   **************************"
 	@echo ""
 
-ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
-	$(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l
-	sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
+nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h
+	$(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l
+	sed -e '/$$Header:/d' <lex.nss_expr_yy.c >nss_expr_scan.c && rm -f lex.nss_expr_yy.c
 
-ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y
-	$(YACC) -d ssl_expr_parse.y
-	sed -e 's;yy;ssl_expr_yy;g' \
+nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y
+	$(YACC) -d nss_expr_parse.y
+	sed -e 's;yy;nss_expr_yy;g' \
 	    -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
-	    <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
-	sed -e 's;yy;ssl_expr_yy;g' \
-	    <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
+	    <y.tab.c >nss_expr_parse.c && rm -f y.tab.c
+	sed -e 's;yy;nss_expr_yy;g' \
+	    <y.tab.h >nss_expr_parse.h && rm -f y.tab.h
 
 LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
 	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
diff --git a/Makefile.in b/Makefile.in
index 1166181..6f29fce 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -96,7 +96,7 @@ bin_PROGRAMS = nss_pcache
 
 nss_pcache_SOURCES = nss_pcache.c
 
-libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c
+libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c
 
 INCLUDES = -I at apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@
 LIBS = @nspr_lib@ @nss_lib@ -lnspr4 -lplc4 -lplds4 -lssl3 -lsmime3 -lnss3
@@ -123,7 +123,7 @@ libmodnss_la_LIBADD =
 libmodnss_la_OBJECTS =  mod_nss.lo nss_engine_config.lo \
 nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo \
 nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo \
-nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo
+nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo
 bin_PROGRAMS =  nss_pcache$(EXEEXT)
 PROGRAMS =  $(bin_PROGRAMS)
 
@@ -139,7 +139,7 @@ CCLD = $(CC)
 DIST_COMMON =  README AUTHORS COPYING ChangeLog INSTALL Makefile.am \
 Makefile.in NEWS TODO aclocal.m4 config.guess config.sub configure \
 configure.in gencert.in install-sh ltmain.sh missing mkinstalldirs \
-nss.conf.in ssl_expr_parse.c ssl_expr_scan.c
+nss.conf.in nss_expr_parse.c nss_expr_scan.c
 
 
 DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
@@ -150,8 +150,8 @@ DEP_FILES =  .deps/mod_nss.P .deps/nss_engine_config.P \
 .deps/nss_engine_init.P .deps/nss_engine_io.P .deps/nss_engine_kernel.P \
 .deps/nss_engine_log.P .deps/nss_engine_pphrase.P \
 .deps/nss_engine_vars.P .deps/nss_expr.P .deps/nss_expr_eval.P \
-.deps/nss_pcache.P .deps/nss_util.P .deps/ssl_expr_parse.P \
-.deps/ssl_expr_scan.P
+.deps/nss_expr_parse.P .deps/nss_expr_scan.P .deps/nss_pcache.P \
+.deps/nss_util.P
 SOURCES = $(libmodnss_la_SOURCES) $(nss_pcache_SOURCES)
 OBJECTS = $(libmodnss_la_OBJECTS) $(nss_pcache_OBJECTS)
 
@@ -258,7 +258,7 @@ nss_pcache$(EXEEXT): $(nss_pcache_OBJECTS) $(nss_pcache_DEPENDENCIES)
 	if test -f y.tab.h; then \
 	if cmp -s y.tab.h $*.h; then rm -f y.tab.h; else mv y.tab.h $*.h; fi; \
 	else :; fi
-ssl_expr_parse.h: ssl_expr_parse.c
+nss_expr_parse.h: nss_expr_parse.c
 
 
 tags: TAGS
@@ -411,7 +411,7 @@ distclean-generic:
 	-rm -f config.cache config.log stamp-h stamp-h[0-9]*
 
 maintainer-clean-generic:
-	-test -z "ssl_expr_scanlssl_expr_parsehssl_expr_parsec" || rm -f ssl_expr_scanl ssl_expr_parseh ssl_expr_parsec
+	-test -z "nss_expr_scanlnss_expr_parsehnss_expr_parsec" || rm -f nss_expr_scanl nss_expr_parseh nss_expr_parsec
 mostlyclean-am:  mostlyclean-libLTLIBRARIES mostlyclean-compile \
 		mostlyclean-libtool mostlyclean-binPROGRAMS \
 		mostlyclean-tags mostlyclean-depend mostlyclean-generic
@@ -506,17 +506,17 @@ install-binPROGRAMS: $(bin_PROGRAMS)
 	@echo "**********************   NOTE   **************************"
 	@echo ""
 
-ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
-	$(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l
-	sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
+nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h
+	$(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l
+	sed -e '/$$Header:/d' <lex.nss_expr_yy.c >nss_expr_scan.c && rm -f lex.nss_expr_yy.c
 
-ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y
-	$(YACC) -d ssl_expr_parse.y
-	sed -e 's;yy;ssl_expr_yy;g' \
+nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y
+	$(YACC) -d nss_expr_parse.y
+	sed -e 's;yy;nss_expr_yy;g' \
 	    -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
-	    <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
-	sed -e 's;yy;ssl_expr_yy;g' \
-	    <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
+	    <y.tab.c >nss_expr_parse.c && rm -f y.tab.c
+	sed -e 's;yy;nss_expr_yy;g' \
+	    <y.tab.h >nss_expr_parse.h && rm -f y.tab.h
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/TODO b/TODO
index b2c901c..ce9fdf4 100644
--- a/TODO
+++ b/TODO
@@ -1,2 +1,3 @@
 - Support for mod_proxy
-- Pull the entire cert chain when requested
+- Offer to automatically generate a self-signed cert using gencert during
+  install?
diff --git a/migrate.pl b/migrate.pl
index fd0d990..757d85e 100755
--- a/migrate.pl
+++ b/migrate.pl
@@ -8,9 +8,11 @@ use Getopt::Std;
 BEGIN {
    $NSSDir = cwd();
 
-   $CACertificatePath = "";
-   $CACertificateFile = "";
+   $SSLCACertificatePath = "";
+   $SSLCACertificateFile = "";
    $SSLCertificateFile = "";
+   $SSLCARevocationPath = "";
+   $SSLCARevocationFile = "";
    $SSLCertificateKeyFile = "";
    $passphrase = 0;
 }
@@ -19,14 +21,12 @@ BEGIN {
           "SSLSessionCache" => "",
           "SSLMutex" => "",
           "SSLCertificateChainFile" => "",
-          "SSLCARevocationPath" => "",
-          "SSLCARevocationFile" => "",
           "SSLVerifyDepth" => "" ,
           "SSLCryptoDevice" => "" ,
           "LoadModule" => "" ,
          );
 
-%insert =  ( "SSLSessionCacheTimeout", "SSLSessionCacheSize 10000\nSSL3SessionCacheTimeout 86400\n",);
+%insert =  ( "NSSSessionCacheTimeout", "NSSSessionCacheSize 10000\nNSSSession3CacheTimeout 86400\n",);
 
 getopts('ch');
 
@@ -60,25 +60,31 @@ while (<SSL>) {
     }
 
     if ($stmt eq "SSLCipherSuite") {
-       print NSS "SSLCipherSuite ", get_ciphers($val), "\n";
-       print NSS "SSLProtocol SSLv3,TLSv1\n";
+       print NSS "NSSCipherSuite ", get_ciphers($val), "\n";
+       print NSS "NSSProtocol SSLv3,TLSv1\n";
        $comment = 1;
     } elsif ($stmt eq "SSLCACertificatePath") {
-       $CACertificatePath = $value;
+       $SSLCACertificatePath = $value;
        $comment = 1;
     } elsif ($stmt eq "SSLCACertificateFile") {
-       $CACertificateFile = $value;
+       $SSLCACertificateFile = $value;
        $comment = 1;
     } elsif ($stmt eq "SSLCertificateFile") {
-       print NSS "SSLCertificateDatabase $NSSDir\n";
-       print NSS "SSLNickName Server-Cert\n";
+       print NSS "NSSCertificateDatabase $NSSDir\n";
+       print NSS "NSSNickName Server-Cert\n";
        $SSLCertificateFile = $value;
        $comment = 1;
     } elsif ($stmt eq "SSLCertificateKeyFile") {
        $SSLCertificateKeyFile = $value;
        $comment = 1;
+    } elsif ($stmt eq "SSLCARevocationPath") {
+       $SSLCARevocationPath = $value;
+       $comment = 1;
+    } elsif ($stmt eq "SSLCARevocationFile") {
+       $SSLCARevocationFile = $value;
+       $comment = 1;
     } elsif ($stmt eq "SSLPassPhraseDialog") {
-       print NSS "SSLPassPhraseHelper /usr/local/bin/nss_pcache\n";
+       print NSS "NSSPassPhraseHelper /usr/local/bin/nss_pcache\n";
        $passphrase = 1;
        $comment = 1;
     }
@@ -89,6 +95,9 @@ while (<SSL>) {
         next;
     }
 
+    # Fix up any remaining directive names
+    s/^SSL/NSS/;
+
     if (exists($insert{$stmt})) {
         print NSS "$_";
         print NSS $insert{$stmt};
@@ -106,7 +115,7 @@ while (<SSL>) {
 }
 
 if ($passphrase == 0) {
-    print NSS "SSLPassPhraseHelper /usr/sbin/nss_pcache\n";
+    print NSS "NSSPassPhraseHelper /usr/sbin/nss_pcache\n";
 }
 
 close(NSS);
@@ -128,26 +137,55 @@ if ($opt_c) {
         run_command("pk12util -i server.p12 -d $NSSDir -W foo");
     }
 
-    if ($CACertificateFile ne "") {
-        my $subject = get_cert_subject($CACertificateFile);
+    if ($SSLCACertificateFile ne "") {
+        my $subject = get_cert_subject($SSLCACertificateFile);
         if ($subject ne "") {
             print "Importing CA certificate $subject\n";
-            run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificateFile");
+            run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificateFile");
         }
     }
 
-    if ($CACertificatePath ne "") {
-        opendir(DIR, $CACertificatePath) or die "can't opendir $CACertificatePath: $!";
+    if ($SSLCACertificatePath ne "") {
+        opendir(DIR, $SSLCACertificatePath) or die "can't opendir $SSLCACertificatePath: $!";
         while (defined($file = readdir(DIR))) {
             next if -d $file;
 
             # we can operate directly on the hash files so don't have to worry
             # about any SKIPME's.
             if ($file =~ /hash.*/) {
-                my $subject = get_cert_subject("$CACertificatePath/$file");
+                my $subject = get_cert_subject("$SSLCACertificatePath/$file");
                 if ($subject ne "") {
                     print "Importing CA certificate $subject\n";
-                    run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificatePath/$file");
+                    run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificatePath/$file");
+                }
+            }
+        }
+        closedir(DIR);
+    }
+
+    if ($SSLCARevocationFile ne "") {
+        print "Importing CRL file $CARevocationFile\n";
+            # Convert to DER format
+            run_command("openssl crl -in $SSLCARevocationFile -out /tmp/crl.tmp -inform PEM -outform DER");
+            run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp");
+            unlink("/tmp/crl.tmp");
+    }
+
+    if ($SSLCARevocationPath ne "") {
+        opendir(DIR, $SSLCARevocationPath) or die "can't opendir $SSLCARevocationPath: $!";
+        while (defined($file = readdir(DIR))) {
+            next if -d $file;
+
+            # we can operate directly on the hash files so don't have to worry
+            # about any SKIPME's.
+            if ($file =~ /hash.*/) {
+                my $subject = get_cert_subject("$SSLCARevocationPath/$file");
+                if ($subject ne "") {
+                    print "Importing CRL file $file\n";
+                    # Convert to DER format
+                    run_command("openssl crl -in $SSLCARevocationPath/$file -out /tmp/crl.tmp -inform PEM -outform DER");
+                    run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp");
+                    unlink("/tmp/crl.tmp");
                 }
             }
         }
diff --git a/mod_nss.c b/mod_nss.c
index 16d090d..131b436 100644
--- a/mod_nss.c
+++ b/mod_nss.c
@@ -21,20 +21,20 @@
  */
 
 #define SSL_CMD_ALL(name, args, desc) \
-        AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
+        AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \
                        NULL, RSRC_CONF|OR_AUTHCFG, desc),
 
 #define SSL_CMD_SRV(name, args, desc) \
-        AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
+        AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \
                        NULL, RSRC_CONF, desc),
 
 #define SSL_CMD_DIR(name, type, args, desc) \
-        AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
+        AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \
                        NULL, OR_##type, desc),
 
 #define AP_END_CMD { NULL }
 
-static const command_rec ssl_config_cmds[] = {
+static const command_rec nss_config_cmds[] = {
     /*
      * Global (main-server) context configuration directives
      */
@@ -44,7 +44,7 @@ static const command_rec ssl_config_cmds[] = {
     SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
                 "SSL 2 Session Cache object lifetime "
                 "(`N' - number of seconds)")
-    SSL_CMD_SRV(3SessionCacheTimeout, TAKE1,
+    SSL_CMD_SRV(Session3CacheTimeout, TAKE1,
                 "SSL 3/TLS Session Cache object lifetime "
                 "(`N' - number of seconds)")
     SSL_CMD_SRV(SessionCacheSize, TAKE1,
@@ -144,18 +144,17 @@ static const command_rec ssl_config_cmds[] = {
  *  the various processing hooks
  */
 
-static int ssl_hook_pre_config(apr_pool_t *pconf,
+static int nss_hook_pre_config(apr_pool_t *pconf,
                                apr_pool_t *plog,
                                apr_pool_t *ptemp)
 {
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_hook_pre_config");
     /* Register us to handle mod_log_config %c/%x variables */
-    ssl_var_log_config_register(pconf);
+    nss_var_log_config_register(pconf);
 
     return OK;
 }
 
-static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
+static SSLConnRec *nss_init_connection_ctx(conn_rec *c)
 {
     SSLConnRec *sslconn = myConnConfig(c);
 
@@ -167,7 +166,7 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
 
     sslconn->is_proxy = 0;
     sslconn->disabled = 0;
-    sslconn->non_ssl_request = 0;
+    sslconn->non_nss_request = 0;
     sslconn->ssl = NULL;
 
     myConnConfigSet(c, sslconn);
@@ -176,11 +175,11 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
 }
 
 #ifdef PROXY
-int ssl_proxy_enable(conn_rec *c)
+int nss_proxy_enable(conn_rec *c)
 {
     SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
 
-    SSLConnRec *sslconn = ssl_init_connection_ctx(c);
+    SSLConnRec *sslconn = nss_init_connection_ctx(c);
 
     if (!sc->proxy_enabled) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
@@ -197,7 +196,7 @@ int ssl_proxy_enable(conn_rec *c)
 }
 #endif
 
-int ssl_engine_disable(conn_rec *c)
+int nss_engine_disable(conn_rec *c)
 {
     SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
 
@@ -207,14 +206,14 @@ int ssl_engine_disable(conn_rec *c)
         return 0;
     }
 
-    sslconn = ssl_init_connection_ctx(c);
+    sslconn = nss_init_connection_ctx(c);
 
     sslconn->disabled = 1;
 
     return 1;
 }
 
-static int ssl_hook_pre_connection(conn_rec *c, void *csd)
+static int nss_hook_pre_connection(conn_rec *c, void *csd)
 {
     SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
     PRFileDesc *ssl;
@@ -234,7 +233,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
      * Create SSL context
      */
     if (!sslconn) {
-        sslconn = ssl_init_connection_ctx(c);
+        sslconn = nss_init_connection_ctx(c);
     }
 
     if (sslconn->disabled) {
@@ -258,14 +257,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
      * attach this to the socket. Additionally we register this attachment
      * so we can detach later.
      */
-    ssl = ssl_io_new_fd();
+    ssl = nss_io_new_fd();
     ssl = SSL_ImportFD(mctx->model, ssl);
 
     if (!(ssl)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
                      "Unable to create a new SSL connection from the SSL "
                      "context");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server);
 
         c->aborted = 1;
 
@@ -275,14 +274,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
     sslconn->ssl = ssl;
     sslconn->client_socket = csd;
 
-    ssl_io_filter_init(c, ssl);
+    nss_io_filter_init(c, ssl);
 
     SSL_ResetHandshake(ssl, PR_TRUE);
 
     return APR_SUCCESS;
 }
 
-static const char *ssl_hook_http_method(const request_rec *r)
+static const char *nss_hook_http_method(const request_rec *r)
 {
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
 
@@ -293,7 +292,7 @@ static const char *ssl_hook_http_method(const request_rec *r)
     return "https";
 }
 
-static apr_port_t ssl_hook_default_port(const request_rec *r)
+static apr_port_t nss_hook_default_port(const request_rec *r)
 {
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
 
@@ -308,38 +307,37 @@ static apr_port_t ssl_hook_default_port(const request_rec *r)
  *  the module registration phase
  */
 
-static void ssl_register_hooks(apr_pool_t *p)
+static void nss_register_hooks(apr_pool_t *p)
 {
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_register_hooks");
-    ssl_io_filter_register(p);
-
-    ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_post_config   (ssl_init_Module,        NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_http_method   (ssl_hook_http_method,   NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
-    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
-
-    ssl_var_register();
+    nss_io_filter_register(p);
+
+    ap_hook_pre_connection(nss_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_post_config   (nss_init_Module,        NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_http_method   (nss_hook_http_method,   NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_default_port  (nss_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_pre_config    (nss_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_child_init    (nss_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_translate_name(nss_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_check_user_id (nss_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
+    ap_hook_fixups        (nss_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_access_checker(nss_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_auth_checker  (nss_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_post_read_request(nss_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
+
+    nss_var_register();
 
 #ifdef PROXY
-    APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+    APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
 #endif
-    APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+    APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
 }
 
 module AP_MODULE_DECLARE_DATA nss_module = {
     STANDARD20_MODULE_STUFF,
-    ssl_config_perdir_create,   /* create per-dir    config structures */
-    ssl_config_perdir_merge,    /* merge  per-dir    config structures */
-    ssl_config_server_create,   /* create per-server config structures */
-    ssl_config_server_merge,    /* merge  per-server config structures */
-    ssl_config_cmds,            /* table of configuration directives   */
-    ssl_register_hooks          /* register hooks */
+    nss_config_perdir_create,   /* create per-dir    config structures */
+    nss_config_perdir_merge,    /* merge  per-dir    config structures */
+    nss_config_server_create,   /* create per-server config structures */
+    nss_config_server_merge,    /* merge  per-server config structures */
+    nss_config_cmds,            /* table of configuration directives   */
+    nss_register_hooks          /* register hooks */
 };
diff --git a/mod_nss.h b/mod_nss.h
index 1095cd2..c43e7e1 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -152,15 +152,15 @@ ap_set_module_config(c->conn_config, &nss_module, val)
 #define SSL_OPT_STRICTREQUIRE  (1<<5)
 #define SSL_OPT_OPTRENEGOTIATE (1<<6)
 #define SSL_OPT_ALL            (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
-typedef int ssl_opt_t;
+typedef int nss_opt_t;
 
 /*
  * Define the SSL requirement structure
  */ 
 typedef struct {
     char     *cpExpr;
-    ssl_expr *mpExpr;
-} ssl_require_t;
+    nss_expr *mpExpr;
+} nss_require_t;
 
 /*
  * Define the SSL verify levels
@@ -171,7 +171,7 @@ typedef enum {
     SSL_CVERIFY_OPTIONAL        = 1,
     SSL_CVERIFY_REQUIRE         = 2,
     SSL_CVERIFY_OPTIONAL_NO_CA  = 3
-} ssl_verify_t;
+} nss_verify_t;
 
 /*
  * Define the SSL pass phrase dialog types
@@ -180,7 +180,7 @@ typedef enum {
     SSL_PPTYPE_UNSET   = UNSET,
     SSL_PPTYPE_BUILTIN = 0,
     SSL_PPTYPE_FILE    = 1,
-} ssl_pphrase_t;
+} nss_pphrase_t;
 
 /*
  * Define the mod_ssl per-module configuration structure
@@ -193,7 +193,7 @@ typedef struct {
     CERTCertificate *client_cert; 
     int is_proxy;
     int disabled;
-    int non_ssl_request;
+    int non_nss_request;
     apr_socket_t * client_socket;
 } SSLConnRec;
 
@@ -209,7 +209,7 @@ typedef struct {
     int             ssl3_session_cache_timeout;
 
     /* config for handling encrypted keys */
-    ssl_pphrase_t   pphrase_dialog_type;
+    nss_pphrase_t   pphrase_dialog_type;
     const char     *pphrase_dialog_path;
     const char     *pphrase_dialog_helper;
 
@@ -229,7 +229,7 @@ typedef struct {
     const char  *protocols;
 
     /* for client or downstream server authentication */
-    ssl_verify_t verify_mode;
+    nss_verify_t verify_mode;
 } modnss_auth_ctx_t;
 
 typedef struct {
@@ -275,7 +275,7 @@ typedef struct {
     int                 nOptionsAdd;
     int                 nOptionsDel;
     const char         *szCipherSuite;
-    ssl_verify_t   nVerifyClient;
+    nss_verify_t   nVerifyClient;
     const char         *szCACertificatePath;
     const char         *szCACertificateFile;
     const char         *szUserName;
@@ -294,7 +294,7 @@ typedef struct
  
 enum sslversion { SSL2=1, SSL3=2, TLS=4};
 
-/* the table itself is defined in ssl_engine_init.c */
+/* the table itself is defined in nss_engine_init.c */
 #define ciphernum 23
 
 /*
@@ -305,86 +305,86 @@ enum sslversion { SSL2=1, SSL3=2, TLS=4};
 extern module AP_MODULE_DECLARE_DATA nss_module;
 
 /*  configuration handling   */
-SSLModConfigRec *ssl_config_global_create(server_rec *);
-void *ssl_config_perdir_create(apr_pool_t *p, char *dir);
-void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv);
-void *ssl_config_server_create(apr_pool_t *p, server_rec *s);
-void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv);
-const char *ssl_cmd_SSLEngine(cmd_parms *, void *, int);
-const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLNickname(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *, void *, int);
-const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg);
-const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+SSLModConfigRec *nss_config_global_create(server_rec *);
+void *nss_config_perdir_create(apr_pool_t *p, char *dir);
+void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv);
+void *nss_config_server_create(apr_pool_t *p, server_rec *s);
+void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv);
+const char *nss_cmd_NSSEngine(cmd_parms *, void *, int);
+const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *, void *, int);
+const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSOptions(cmd_parms *, void *, const char *);
+const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg);
+const char  *nss_cmd_NSSRequire(cmd_parms *, void *, const char *);
 
 /*  module initialization  */
-int  ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
-void ssl_init_Child(apr_pool_t *, server_rec *);
-void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
-apr_status_t ssl_init_ModuleKill(void *data);
-int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]);
+int  nss_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
+void nss_init_Child(apr_pool_t *, server_rec *);
+void nss_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
+apr_status_t nss_init_ModuleKill(void *data);
+int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]);
 
 /* Apache API hooks */
-int ssl_hook_Translate(request_rec *r);
-int ssl_hook_UserCheck(request_rec *r);
-int ssl_hook_Fixup(request_rec *r);
-int ssl_hook_Access(request_rec *r);
-int ssl_hook_Auth(request_rec *r);
-int ssl_hook_ReadReq(request_rec *r);
+int nss_hook_Translate(request_rec *r);
+int nss_hook_UserCheck(request_rec *r);
+int nss_hook_Fixup(request_rec *r);
+int nss_hook_Access(request_rec *r);
+int nss_hook_Auth(request_rec *r);
+int nss_hook_ReadReq(request_rec *r);
 
 /*  Variables  */
-void         ssl_var_register(void);
-char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
-void         ssl_var_log_config_register(apr_pool_t *p);
+void         nss_var_register(void);
+char        *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+void         nss_var_log_config_register(apr_pool_t *p);
 
-APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup,
                         (apr_pool_t *, server_rec *,
                          conn_rec *, request_rec *, 
                          char *));
 
 /* An optional function which returns non-zero if the given connection
  * is using SSL/TLS. */
-APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *));
 
 /* Proxy Support */
-int ssl_engine_disable(conn_rec *c);
+int nss_engine_disable(conn_rec *c);
 
-APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
 
 /* I/O */
-PRFileDesc * ssl_io_new_fd();
-int ssl_io_layer_init();
-void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl);
-void ssl_io_filter_register(apr_pool_t *p);
+PRFileDesc * nss_io_new_fd();
+int nss_io_layer_init();
+void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl);
+void nss_io_filter_register(apr_pool_t *p);
 
 /*  Utility Functions  */
-char        *ssl_util_vhostid(apr_pool_t *, server_rec *);
-void         ssl_util_strupper(char *);
-void         ssl_util_uuencode(char *, const char *, BOOL);
-void         ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
-apr_file_t  *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
+char        *nss_util_vhostid(apr_pool_t *, server_rec *);
+void         nss_util_strupper(char *);
+void         nss_util_uuencode(char *, const char *, BOOL);
+void         nss_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
+apr_file_t  *nss_util_ppopen(server_rec *, apr_pool_t *, const char *,
                              const char * const *);
-void         ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
-char        *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
+void         nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
+char        *nss_util_readfilter(server_rec *, apr_pool_t *, const char *,
                                  const char * const *);
 
 /* Pass Phrase Handling */
-SECStatus ssl_Init_Tokens(server_rec *s);
+SECStatus nss_Init_Tokens(server_rec *s);
 
 /* Logging */
-void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s);
-void ssl_die(void);
+void nss_log_nss_error(const char *file, int line, int level, server_rec *s);
+void nss_die(void);
 
 /* NSS callback */
-SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
+SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
 #endif /* __MOD_SSL_H__ */
diff --git a/modules.mk b/modules.mk
index 4053381..cdad05f 100644
--- a/modules.mk
+++ b/modules.mk
@@ -1,5 +1,5 @@
-mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo
-	$(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo
+mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo
+	$(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo
 DISTCLEAN_TARGETS = modules.mk
 static =  mod_nss.la
 shared = 
diff --git a/nss_engine_config.c b/nss_engine_config.c
index 962ce2e..67c6780 100644
--- a/nss_engine_config.c
+++ b/nss_engine_config.c
@@ -23,7 +23,7 @@
 
 #define SSL_MOD_CONFIG_KEY "nss_module"
 
-SSLModConfigRec *ssl_config_global_create(server_rec *s)
+SSLModConfigRec *nss_config_global_create(server_rec *s)
 {
     apr_pool_t *pool = s->process->pool;
     SSLModConfigRec *mc;
@@ -66,9 +66,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
 
 static void modnss_ctx_init(modnss_ctx_t *mctx)
 {
-
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "modnss_ctx_init");
-
     mctx->sc                  = NULL; /* set during module init */
 
     mctx->ssl2                = PR_FALSE;
@@ -98,7 +95,7 @@ static void modnss_ctx_init_server(SSLSrvConfigRec *sc,
     modnss_ctx_init(mctx);
 }
 
-static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
+static SSLSrvConfigRec *nss_config_server_new(apr_pool_t *p)
 {
     SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
     
@@ -111,7 +108,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
     sc->server                      = NULL;
 
 #ifdef PROXY
-    modssl_ctx_init_proxy(sc, p);
+    modnss_ctx_init_proxy(sc, p);
 #endif
 
     modnss_ctx_init_server(sc, p);
@@ -122,11 +119,10 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
 /*
  *  Create per-server SSL configuration
  */
-void *ssl_config_server_create(apr_pool_t *p, server_rec *s) {
-    SSLSrvConfigRec *sc = ssl_config_server_new(p);
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_create");
+void *nss_config_server_create(apr_pool_t *p, server_rec *s) {
+    SSLSrvConfigRec *sc = nss_config_server_new(p);
 
-    sc->mc = ssl_config_global_create(s);
+    sc->mc = nss_config_global_create(s);
 
     return sc;
 }
@@ -159,19 +155,17 @@ static void modnss_ctx_cfg_merge_server(modnss_ctx_t *base,
 /*
  *  Merge per-server SSL configurations
  */
-void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
+void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
     SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
     SSLSrvConfigRec *add  = (SSLSrvConfigRec *)addv;
-    SSLSrvConfigRec *mrg  = ssl_config_server_new(p);
-
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_merge");
+    SSLSrvConfigRec *mrg  = nss_config_server_new(p);
 
     cfgMerge(mc, NULL);
     cfgMergeBool(enabled);
     cfgMergeBool(proxy_enabled);
 
 #ifdef PROXY 
-    modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
+    modnss_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
 #endif
 
     modnss_ctx_cfg_merge_server(base->server, add->server, mrg->server);
@@ -182,12 +176,11 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
 /*
  *  Create per-directory SSL configuration
  */
-void *ssl_config_perdir_create(apr_pool_t *p, char *dir) {
+void *nss_config_perdir_create(apr_pool_t *p, char *dir) {
     SSLDirConfigRec *dc = apr_palloc(p, sizeof(*dc));
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_perdir_create");
 
     dc->bSSLRequired  = FALSE;
-    dc->aRequirement  = apr_array_make(p, 4, sizeof(ssl_require_t));
+    dc->aRequirement  = apr_array_make(p, 4, sizeof(nss_require_t));
     dc->nOptions      = SSL_OPT_NONE|SSL_OPT_RELSET;
     dc->nOptionsAdd   = SSL_OPT_NONE;
     dc->nOptionsDel   = SSL_OPT_NONE;
@@ -200,7 +193,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir) {
     return dc;
 }
  
-const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg)
+const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg)
 {
     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
 
@@ -209,17 +202,17 @@ const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg)
     return NULL;
 }
 
-const char *ssl_cmd_SSLRequire(cmd_parms *cmd,
+const char *nss_cmd_NSSRequire(cmd_parms *cmd,
                                void *dcfg,
                                const char *arg)
 {
     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
-    ssl_expr *expr;
-    ssl_require_t *require;
+    nss_expr *expr;
+    nss_require_t *require;
 
-    if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) {
-        return apr_pstrcat(cmd->pool, "SSLRequire: ",
-                           ssl_expr_get_error(), NULL);
+    if (!(expr = nss_expr_comp(cmd->pool, (char *)arg))) {
+        return apr_pstrcat(cmd->pool, "NSSRequire: ",
+                           nss_expr_get_error(), NULL);
     }
 
     require = apr_array_push(dc->aRequirement);
@@ -229,7 +222,7 @@ const char *ssl_cmd_SSLRequire(cmd_parms *cmd,
     return NULL;
 }
 
-void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) {
+void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) {
     SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
     SSLDirConfigRec *add  = (SSLDirConfigRec *)addv;
     SSLDirConfigRec *mrg  = (SSLDirConfigRec *)apr_palloc(p, sizeof(*mrg));
@@ -259,7 +252,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) {
     return mrg;
 }
 
-const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag)
+const char *nss_cmd_NSSEngine(cmd_parms *cmd, void *dcfg, int flag)
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
@@ -268,7 +261,7 @@ const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag)
     return NULL;
 }
 
-const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd,
+const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd,
                                            void *dcfg,
                                            const char *arg)
 {
@@ -279,7 +272,7 @@ const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd,
     return NULL;
 }
 
-const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
+const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd,
                                    void *dcfg,
                                    const char *arg)
 {
@@ -296,9 +289,9 @@ const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
     return NULL;
 }
 
-static const char *ssl_cmd_verify_parse(cmd_parms *parms,
+static const char *nss_cmd_verify_parse(cmd_parms *parms,
                                         const char *arg,
-                                        ssl_verify_t *id)
+                                        nss_verify_t *id)
 {
     if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
         *id = SSL_CVERIFY_NONE;
@@ -322,16 +315,16 @@ static const char *ssl_cmd_verify_parse(cmd_parms *parms,
     return NULL;
 }
 
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd,
+const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd,
                                     void *dcfg,
                                     const char *arg)
 {
     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-    ssl_verify_t mode;
+    nss_verify_t mode;
     const char *err;
 
-    if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) {
+    if ((err = nss_cmd_verify_parse(cmd, arg, &mode))) {
         return err;
     }
 
@@ -345,7 +338,7 @@ const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd,
     return NULL;
 }
 
-const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
+const char *nss_cmd_NSSProtocol(cmd_parms *cmd,
                                 void *dcfg,
                                 const char *arg)
 {
@@ -356,7 +349,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
     return NULL;
 }
 
-const char *ssl_cmd_SSLNickname(cmd_parms *cmd,
+const char *nss_cmd_NSSNickname(cmd_parms *cmd,
                                 void *dcfg,
                                 const char *arg)
 {
@@ -367,7 +360,7 @@ const char *ssl_cmd_SSLNickname(cmd_parms *cmd,
     return NULL;
 }
 
-const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd,
+const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *cmd,
                                          void *dcfg,
                                          int flag)
 {
@@ -378,7 +371,7 @@ const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd,
     return NULL;
 }
 
-const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd,
+const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd,
                                            void *dcfg,
                                            const char *arg)
 {
@@ -387,13 +380,13 @@ const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd,
     mc->session_cache_timeout = atoi(arg);
 
     if (mc->session_cache_timeout < 0) {
-        return "SSLSessionCacheTimeout: Invalid argument";
+        return "NSSSessionCacheTimeout: Invalid argument";
     }
 
     return NULL;
 }
 
-const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd,
+const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd,
                                            void *dcfg,
                                            const char *arg)
 {
@@ -401,14 +394,14 @@ const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd,
 
     mc->ssl3_session_cache_timeout = atoi(arg);
 
-    if (mc->session_cache_timeout < 0) {
-        return "SSLSessionCacheTimeout: Invalid argument";
+    if (mc->ssl3_session_cache_timeout < 0) {
+        return "NSSSession3CacheTimeout: Invalid argument";
     }
 
     return NULL;
 }
 
-const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd,
+const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd,
                                         void *dcfg,
                                         const char *arg)
 {
@@ -417,13 +410,13 @@ const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd,
     mc->session_cache_size = atoi(arg);
 
     if (mc->session_cache_size < 0) {
-        return "SSLSessionCacheTimeout: Invalid argument";
+        return "NSSSessionCacheTimeout: Invalid argument";
     }
 
     return NULL;
 }
 
-const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
+const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd,
                                         void *dcfg,
                                         const char *arg)
 {
@@ -442,13 +435,13 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
         mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5);
         if (!mc->pphrase_dialog_path)
             return apr_pstrcat(cmd->pool,
-                              "Invalid SSLPassPhraseDialog file: path ",
+                              "Invalid NSSPassPhraseDialog file: path ",
                                arg+5, NULL);
         rc = apr_stat(&finfo, mc->pphrase_dialog_path,
              APR_FINFO_TYPE|APR_FINFO_SIZE, cmd->pool);
         if ((rc != APR_SUCCESS) || (finfo.filetype != APR_REG)) {
             return apr_pstrcat(cmd->pool,
-                               "SSLPassPhraseDialog: file '",
+                               "NSSPassPhraseDialog: file '",
                                mc->pphrase_dialog_path,
                                "' does not exist", NULL);
         }
@@ -457,7 +450,7 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
     return NULL;
 }
 
-const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd,
+const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd,
                                         void *dcfg,
                                         const char *arg)
 {
@@ -467,14 +460,14 @@ const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd,
         mc->pphrase_dialog_helper = arg;
     } else {
         return apr_pstrcat(cmd->pool,
-                           "SSLPassPhraseHelper: ", mc->pphrase_dialog_path,
+                           "NSSPassPhraseHelper: ", mc->pphrase_dialog_path,
                            "does not exist or is not executable.", NULL);
     }
 
     return NULL;
 }
 
-const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
+const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg,
                                 const char *arg)
 {
     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
@@ -482,12 +475,12 @@ const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
     return NULL;
 }
 
-const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
+const char *nss_cmd_NSSOptions(cmd_parms *cmd,
                                void *dcfg,
                                const char *arg)
 {
     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
-    ssl_opt_t opt;   
+    nss_opt_t opt;   
     int first = TRUE; 
     char action, *w; 
  
@@ -523,7 +516,7 @@ const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
         }
         else {
             return apr_pstrcat(cmd->pool,
-                               "SSLOptions: Illegal option '", w, "'",
+                               "NSSOptions: Illegal option '", w, "'",
                                NULL);
         }
         if (action == '-') {
diff --git a/nss_engine_init.c b/nss_engine_init.c
index b2d2c14..cbcf114 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -20,7 +20,7 @@ static SECStatus ownBadCertHandler(void *arg, PRFileDesc * socket);
 static SECStatus ownHandshakeCallback(PRFileDesc * socket, void *arg);
 static SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg);
 static CERTCertificate* FindServerCertFromNickname(const char* name);
-SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
+SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
 
 /*
  * Global variables defined in this file.
@@ -65,11 +65,11 @@ static char *version_components[] = {
     NULL
 }; 
 
-static char *ssl_add_version_component(apr_pool_t *p,
+static char *nss_add_version_component(apr_pool_t *p,
                                        server_rec *s,
                                        char *name)
 {   
-    char *val = ssl_var_lookup(p, s, NULL, NULL, name);
+    char *val = nss_var_lookup(p, s, NULL, NULL, name);
 
     if (val && *val) {
         ap_add_version_component(p, val);
@@ -78,14 +78,14 @@ static char *ssl_add_version_component(apr_pool_t *p,
     return val;
 }
  
-static void ssl_add_version_components(apr_pool_t *p,
+static void nss_add_version_components(apr_pool_t *p,
                                        server_rec *s)
 {
     char *vals[sizeof(version_components)/sizeof(char *)];
     int i;
 
     for (i=0; version_components[i]; i++) {
-        vals[i] = ssl_add_version_component(p, s,
+        vals[i] = nss_add_version_component(p, s,
                                             version_components[i]);
     }
 
@@ -99,7 +99,7 @@ static void ssl_add_version_components(apr_pool_t *p,
 /*
  *  Initialize SSL library
  */
-static void ssl_init_SSLLibrary(server_rec *s)
+static void nss_init_SSLLibrary(server_rec *s)
 {
     SECStatus rv;
     SSLModConfigRec *mc = myModConfig(s);
@@ -115,8 +115,8 @@ static void ssl_init_SSLLibrary(server_rec *s)
         if (mc->pphrase_dialog_helper == NULL &&
             mc->pphrase_dialog_path == NULL) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                "Neither SSLPassPhraseHelper nor SSLPassPhraseDialog is not set. One or the other is required.");
-            ssl_die();
+                "Neither NSSPassPhraseHelper nor NSSPassPhraseDialog is not set. One or the other is required.");
+            nss_die();
         }
 
         child_argv[0] = mc->pphrase_dialog_helper;
@@ -128,7 +128,7 @@ static void ssl_init_SSLLibrary(server_rec *s)
         if (rv != APR_SUCCESS) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "apr_procattr_create() failed APR err: %d.", rv);
-            ssl_die();
+            nss_die();
         }
 
 #if 0
@@ -151,7 +151,7 @@ static void ssl_init_SSLLibrary(server_rec *s)
         if (rv != APR_SUCCESS) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "apr_proc_create failed to launch %s APR err: %d.", child_argv[0], rv);
-            ssl_die();
+            nss_die();
         }
         /* Set a 30-second read/write timeout */
         apr_file_pipe_timeout_set(mc->proc.in, apr_time_from_sec(30));
@@ -168,20 +168,20 @@ static void ssl_init_SSLLibrary(server_rec *s)
     rv = NSS_Initialize(mc->pCertificateDatabase, NULL, NULL, "secmod.db", NSS_INIT_READONLY);
 
     /* Assuming everything is ok so far, check the cert database password(s). */
-    if (rv != SECSuccess || ssl_Init_Tokens(s) != SECSuccess) {
+    if (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess) {
         NSS_Shutdown();
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
             "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 
     if (NSS_SetDomesticPolicy() != SECSuccess) {
         NSS_Shutdown();
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                  "NSS set domestic policy failed on certificate database %s.", mc->pCertificateDatabase);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
@@ -190,7 +190,7 @@ static void ssl_init_SSLLibrary(server_rec *s)
 
 }
 
-int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
+int nss_init_Module(apr_pool_t *p, apr_pool_t *plog,
                     apr_pool_t *ptemp,
                     server_rec *base_server)
 {
@@ -204,13 +204,13 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
      * Let us cleanup on restarts and exists
      */
     apr_pool_cleanup_register(p, base_server,
-                              ssl_init_ModuleKill,
+                              nss_init_ModuleKill,
                               apr_pool_cleanup_null);
 
     /*
      * Any init round fixes the global config
      */
-    ssl_config_global_create(base_server); /* just to avoid problems */
+    nss_config_global_create(base_server); /* just to avoid problems */
 
     /*
      * Fix up any global settings that aren't in the configuration
@@ -251,7 +251,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
         /*
          * Create the server host:port string because we need it a lot
          */
-        sc->vhost_id = ssl_util_vhostid(p, s);
+        sc->vhost_id = nss_util_vhostid(p, s);
         sc->vhost_id_len = strlen(sc->vhost_id);
 
         /* Fix up stuff that may not have been set */
@@ -264,12 +264,12 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
         }
     }
 
-    ssl_init_SSLLibrary(base_server);
+    nss_init_SSLLibrary(base_server);
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                  "done Init: Initializing NSS library");
 
     /* Load our layer */
-    ssl_io_layer_init();
+    nss_io_layer_init();
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                  "done layer");
 
@@ -291,52 +291,52 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
         /*
          * Read the server certificate and key
          */
-        ssl_init_ConfigureServer(s, p, ptemp, sc);
+        nss_init_ConfigureServer(s, p, ptemp, sc);
     }
 
     /*
      *  Announce mod_ssl and SSL library in HTTP Server field
      *  as ``mod_ssl/X.X.X OpenSSL/X.X.X''
      */
-    ssl_add_version_components(p, base_server);
+    nss_add_version_components(p, base_server);
 
     return OK;
 }
 
-static void ssl_init_ctx_socket(server_rec *s,
+static void nss_init_ctx_socket(server_rec *s,
                                 apr_pool_t *p,
                                 apr_pool_t *ptemp,
                                 modnss_ctx_t *mctx)
 {
     /* Setup a socket in the context that will be used to model all
      * client connections. */
-    mctx->model = ssl_io_new_fd();
+    mctx->model = nss_io_new_fd();
     mctx->model = SSL_ImportFD(NULL, mctx->model);
 
     if (SSL_OptionSet(mctx->model, SSL_SECURITY, PR_TRUE) != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                 "Unable to enable security.");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 
     if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_SERVER, PR_TRUE)
             != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                 "Unable to set SSL server handshake mode.");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
     if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_CLIENT, PR_FALSE)
             != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                 "Unable to disable handshake as client");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 }
 
-static void ssl_init_ctx_protocol(server_rec *s,
+static void nss_init_ctx_protocol(server_rec *s,
                                   apr_pool_t *p,
                                   apr_pool_t *ptemp,
                                   modnss_ctx_t *mctx)
@@ -349,8 +349,8 @@ static void ssl_init_ctx_protocol(server_rec *s,
 
     if (mctx->auth.protocols == NULL) {
         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-            "SSLProtocols not set; using all protocols: SSLv2, SSLv3 and TLSv1");
-        ssl2 = ssl3 = tls = 1;
+            "SSLProtocols not set; using: SSLv3 and TLSv1");
+        ssl3 = tls = 1;
     } else {
         lprotocols = strdup(mctx->auth.protocols);
         ap_str_tolower(lprotocols);
@@ -402,8 +402,8 @@ static void ssl_init_ctx_protocol(server_rec *s,
     if (stat != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "SSL protocol initialization failed.");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 
     mctx->ssl2 = ssl2;
@@ -411,45 +411,45 @@ static void ssl_init_ctx_protocol(server_rec *s,
     mctx->tls = tls;
 }
 
-static void ssl_init_ctx_session_cache(server_rec *s,
+static void nss_init_ctx_session_cache(server_rec *s,
                                        apr_pool_t *p,
                                        apr_pool_t *ptemp,
                                        modnss_ctx_t *mctx)
 {
 }
 
-static void ssl_init_ctx_callbacks(server_rec *s,
+static void nss_init_ctx_callbacks(server_rec *s,
                                    apr_pool_t *p,
                                    apr_pool_t *ptemp,
                                    modnss_ctx_t *mctx)
 {
-    if (SSL_AuthCertificateHook(mctx->model, ssl_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) {
+    if (SSL_AuthCertificateHook(mctx->model, nss_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                 "SSL_AuthCertificateHook failed.");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
     if (SSL_BadCertHook(mctx->model, (SSLBadCertHandler) ownBadCertHandler, NULL) != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                 "SSL_BadCertHook failed");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
     if (SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback) ownHandshakeCallback, NULL) != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                 "SSL_HandshakeCallback failed");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
     if (SSL_GetClientAuthDataHook(mctx->model, NSS_GetClientAuthData, (void *)mctx->nickname) != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                 "SSL_GetClientAuthDataHook failed");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 }
 
-static void ssl_init_ctx_verify(server_rec *s,
+static void nss_init_ctx_verify(server_rec *s,
                                 apr_pool_t *p,
                                 apr_pool_t *ptemp,
                                 modnss_ctx_t *mctx)
@@ -481,7 +481,7 @@ static int countciphers(PRBool cipher_state[ciphernum], int version) {
     return ciphercount;
 }
 
-static void ssl_init_ctx_cipher_suite(server_rec *s,
+static void nss_init_ctx_cipher_suite(server_rec *s,
                                       apr_pool_t *p,
                                       apr_pool_t *ptemp,
                                       modnss_ctx_t *mctx)
@@ -496,8 +496,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
      */
     if (!suite) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                     "Required value SSLCipherSuite not set.");
-        ssl_die();
+                     "Required value NSSCipherSuite not set.");
+        nss_die();
     }
     ciphers = strdup(suite);
 
@@ -523,8 +523,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
         cipher_state[i] = PR_FALSE;
     }
 
-    if (ssl_parse_ciphers(s, ciphers, cipher_state) == -1) {
-        ssl_die();
+    if (nss_parse_ciphers(s, ciphers, cipher_state) == -1) {
+        nss_die();
     }
 
     free(ciphers);
@@ -533,19 +533,19 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
     if (mctx->ssl2 && countciphers(cipher_state, SSL2) == 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
             "SSL2 is enabled but no SSL2 ciphers are enabled.");
-        ssl_die();
+        nss_die();
     }
 
     if (mctx->ssl3 && countciphers(cipher_state, SSL3) == 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
             "SSL3 is enabled but no SSL3 ciphers are enabled.");
-        ssl_die();
+        nss_die();
     }
 
     if (mctx->tls && countciphers(cipher_state, TLS) == 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
             "TLS is enabled but no TLS ciphers are enabled.");
-        ssl_die();
+        nss_die();
     }
 
     /* Finally actually enable the selected ciphers */
@@ -554,26 +554,26 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
     }
 }
 
-static void ssl_init_ctx(server_rec *s,
+static void nss_init_ctx(server_rec *s,
                          apr_pool_t *p,
                          apr_pool_t *ptemp,
                          modnss_ctx_t *mctx) 
 {
 
-    ssl_init_ctx_socket(s, p, ptemp, mctx);
+    nss_init_ctx_socket(s, p, ptemp, mctx);
 
-    ssl_init_ctx_protocol(s, p, ptemp, mctx);
+    nss_init_ctx_protocol(s, p, ptemp, mctx);
     
-    ssl_init_ctx_session_cache(s, p, ptemp, mctx);
+    nss_init_ctx_session_cache(s, p, ptemp, mctx);
     
-    ssl_init_ctx_callbacks(s, p, ptemp, mctx);
+    nss_init_ctx_callbacks(s, p, ptemp, mctx);
     
-    ssl_init_ctx_verify(s, p, ptemp, mctx);
+    nss_init_ctx_verify(s, p, ptemp, mctx);
 
-    ssl_init_ctx_cipher_suite(s, p, ptemp, mctx);
+    nss_init_ctx_cipher_suite(s, p, ptemp, mctx);
 }
 
-static void ssl_init_server_certs(server_rec *s,
+static void nss_init_server_certs(server_rec *s,
                                   apr_pool_t *p,
                                   apr_pool_t *ptemp,
                                   modnss_ctx_t *mctx)
@@ -590,8 +590,11 @@ static void ssl_init_server_certs(server_rec *s,
     if (mctx->nickname == NULL) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
             "No certificate nickname provided.");
-        ssl_die();
+        nss_die();
     }
+    ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+         "Using nickname %s.", mctx->nickname);
+
     mctx->servercert = FindServerCertFromNickname(mctx->nickname);
 
     /* Verify the certificate chain. */
@@ -601,11 +604,11 @@ static void ssl_init_server_certs(server_rec *s,
         if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), mctx->servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess)  {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Certificate not verified: '%s'", mctx->nickname);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
             if (mctx->enforce) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Unable to verify certificate '%s'. Add \"SSLEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", mctx->nickname);
-                ssl_die();
+                nss_die();
             }
         }
     }
@@ -614,7 +617,7 @@ static void ssl_init_server_certs(server_rec *s,
     {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
             "Certificate not found: '%s'", mctx->nickname);
-        ssl_die();
+        nss_die();
     }
 
     if (strchr(mctx->nickname, ':'))
@@ -631,9 +634,9 @@ static void ssl_init_server_certs(server_rec *s,
                  */
                 ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                     "Slot not found");
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
                 free(token);
-                ssl_die();
+                nss_die();
             }
         }
         free(token);
@@ -647,8 +650,8 @@ static void ssl_init_server_certs(server_rec *s,
     if (mctx->serverkey == NULL) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
             "Key not found for: '%s'", mctx->nickname);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 
     mctx->serverKEAType = NSS_FindCertKEAType(mctx->servercert);
@@ -684,15 +687,15 @@ static void ssl_init_server_certs(server_rec *s,
     if (secstatus != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
             "Error setting PKCS11 pin argument: '%s'", mctx->nickname);
-        ssl_die();
+        nss_die();
     }
     
     secstatus = SSL_ConfigSecureServer(mctx->model, mctx->servercert, mctx->serverkey, mctx->serverKEAType);
     if (secstatus != SECSuccess) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
             "SSL error configuring server: '%s'", mctx->nickname);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 
     secstatus = (SECStatus)SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback)NSSHandshakeCallback, NULL);
@@ -700,25 +703,25 @@ static void ssl_init_server_certs(server_rec *s,
     {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
             "SSL error configuring handshake callback: '%s'", mctx->nickname);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-        ssl_die();
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
     }
 }
 
-static void ssl_init_server_ctx(server_rec *s,
+static void nss_init_server_ctx(server_rec *s,
                                 apr_pool_t *p,
                                 apr_pool_t *ptemp,
                                 SSLSrvConfigRec *sc)
 {
-    ssl_init_ctx(s, p, ptemp, sc->server);
+    nss_init_ctx(s, p, ptemp, sc->server);
 
-    ssl_init_server_certs(s, p, ptemp, sc->server);
+    nss_init_server_certs(s, p, ptemp, sc->server);
 }
 
 /*
  * Configure a particular server
  */
-void ssl_init_ConfigureServer(server_rec *s,
+void nss_init_ConfigureServer(server_rec *s,
                               apr_pool_t *p,
                               apr_pool_t *ptemp,
                               SSLSrvConfigRec *sc)
@@ -726,23 +729,23 @@ void ssl_init_ConfigureServer(server_rec *s,
     if (sc->enabled) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                      "Configuring server for SSL protocol");
-        ssl_init_server_ctx(s, p, ptemp, sc);
+        nss_init_server_ctx(s, p, ptemp, sc);
     }
 
 #ifdef PROXY
     if (sc->proxy_enabled) {
-        ssl_init_proxy_ctx(s, p, ptemp, sc);
+        nss_init_proxy_ctx(s, p, ptemp, sc);
     }
 #endif
 }
 
-void ssl_init_Child(apr_pool_t *p, server_rec *s)
+void nss_init_Child(apr_pool_t *p, server_rec *s)
 {
     SSLModConfigRec *mc = myModConfig(s);
     mc->pid = getpid(); /* only call getpid() once per-process */
 }
 
-apr_status_t ssl_init_ModuleKill(void *data)
+apr_status_t nss_init_ModuleKill(void *data)
 {
     /* 
      * There is nothing stored at the server level to kill at the moment.
@@ -931,7 +934,7 @@ SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg)
     return SECSuccess;
 }
 
-int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum])
+int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum])
 {
     char * cipher;
     PRBool found, active;
diff --git a/nss_engine_io.c b/nss_engine_io.c
index 27b5671..b13fc51 100644
--- a/nss_engine_io.c
+++ b/nss_engine_io.c
@@ -26,15 +26,15 @@
  * remember what is in this file.  So, first, a quick overview.
  *
  * In this file, you will find:
- * - ssl_io_filter_input    (Apache input filter)
- * - ssl_io_filter_output   (Apache output filter)
+ * - nss_io_filter_input    (Apache input filter)
+ * - nss_io_filter_output   (Apache output filter)
  *
  * - bio_filter_in_*        (OpenSSL input filter)
  * - nspr_filter_out_*       (OpenSSL output filter)
  *
  * The input chain is roughly:
  *
- * ssl_io_filter_input->ssl_io_input_read->SSL_read->...
+ * nss_io_filter_input->nss_io_input_read->SSL_read->...
  * ...->bio_filter_in_read->ap_get_brigade/next-httpd-filter
  *
  * In mortal terminology, we do the following:
@@ -45,21 +45,21 @@
  * - bio_filter_in_read will then try to fetch data from the next httpd filter
  * - bio_filter_in_read will flatten that data and return it to SSL_read
  * - SSL_read will then decrypt the data
- * - ssl_io_input_read will then receive decrypted data as a char* and
+ * - nss_io_input_read will then receive decrypted data as a char* and
  *   ensure that there were no read errors
  * - The char* is placed in a brigade and returned
  *
  * Since connection-level input filters in httpd need to be able to
  * handle AP_MODE_GETLINE calls (namely identifying LF-terminated strings),
- * ssl_io_input_getline which will handle this special case.
+ * nss_io_input_getline which will handle this special case.
  *
  * Due to AP_MODE_GETLINE and AP_MODE_SPECULATIVE, we may sometimes have
  * 'leftover' decoded data which must be setaside for the next read.  That
  * is currently handled by the char_buffer_{read|write} functions.  So,
- * ssl_io_input_read may be able to fulfill reads without invoking
+ * nss_io_input_read may be able to fulfill reads without invoking
  * SSL_read().
  *
- * Note that the filter context of ssl_io_filter_input and bio_filter_in_*
+ * Note that the filter context of nss_io_filter_input and bio_filter_in_*
  * are shared as bio_filter_in_ctx_t.
  *
  * Note that the filter is by choice limited to reading at most
@@ -79,7 +79,7 @@ typedef struct {
     nspr_filter_in_ctx_t *inctx;
     nspr_filter_out_ctx_t *outctx;
     int                nobuffer; /* non-zero to prevent buffering */
-} ssl_filter_ctx_t;
+} nss_filter_ctx_t;
 
 typedef struct {
     int length;
@@ -87,7 +87,7 @@ typedef struct {
 } char_buffer_t;
 
 struct nspr_filter_out_ctx_t {
-    ssl_filter_ctx_t *filter_ctx;
+    nss_filter_ctx_t *filter_ctx;
     apr_bucket_brigade *bb;
     apr_size_t length;
     char buffer[AP_IOBUFSIZE];
@@ -104,7 +104,7 @@ struct nspr_filter_in_ctx_t {
     char_buffer_t cbuf;
     apr_pool_t *pool;
     char buffer[AP_IOBUFSIZE];
-    ssl_filter_ctx_t *filter_ctx;
+    nss_filter_ctx_t *filter_ctx;
 };
 
 /* Global variables for the NSPR I/O layer */
@@ -235,7 +235,7 @@ static PRInt32 PR_CALLBACK
 nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen)
 {
     apr_size_t inl = inlen;
-    ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+    nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
     nspr_filter_in_ctx_t *inctx = filter_ctx->inctx;
     apr_read_type_e block = inctx->block;
 
@@ -296,7 +296,7 @@ nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen)
     return -1;
 }
 
-static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
+static apr_status_t nss_io_input_read(nspr_filter_in_ctx_t *inctx,
                                       char *buf,
                                       apr_size_t *len)
 {
@@ -386,9 +386,9 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
             }
         }
         else /* (rc < 0) */ {
-            int ssl_err = PR_GetError();
+            int nss_err = PR_GetError();
 
-            if (ssl_err == PR_WOULD_BLOCK_ERROR) {
+            if (nss_err == PR_WOULD_BLOCK_ERROR) {
                 /*
                  * If NSPR wants to read more, and we were nonblocking,
                  * report as an EAGAIN.  Otherwise loop, pulling more
@@ -408,7 +408,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
                 }
                 continue;  /* Blocking and nothing yet?  Try again. */
             }
-            else if (ssl_err != 0) {
+            else if (nss_err != 0) {
                 if (APR_STATUS_IS_EAGAIN(inctx->rc)
                         || APR_STATUS_IS_EINTR(inctx->rc)) {
                     /* Already read something, return APR_SUCCESS instead. */
@@ -425,7 +425,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
                     ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
                                 "SSL input filter read failed.");
                     if (inctx->rc == 0)
-                        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
+                        nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server);
                 }
             }
             if (inctx->rc == APR_SUCCESS) {
@@ -437,7 +437,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
     return inctx->rc;
 }
 
-static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx,
+static apr_status_t nss_io_input_getline(nspr_filter_in_ctx_t *inctx,
                                          char *buf,
                                          apr_size_t *len)
 {
@@ -454,7 +454,7 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx,
      */
 
     while (tmplen > 0) {
-        status = ssl_io_input_read(inctx, buf + offset, &tmplen);
+        status = nss_io_input_read(inctx, buf + offset, &tmplen);
      
         if (status != APR_SUCCESS) {
             return status;
@@ -488,11 +488,11 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx,
     return APR_SUCCESS;
 }
 
-static apr_status_t ssl_filter_write(ap_filter_t *f,
+static apr_status_t nss_filter_write(ap_filter_t *f,
                                      const char *data,
                                      apr_size_t len)
 {
-    ssl_filter_ctx_t *filter_ctx = f->ctx;
+    nss_filter_ctx_t *filter_ctx = f->ctx;
     nspr_filter_out_ctx_t *outctx;
     int res;
 
@@ -508,9 +508,9 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
           "Sent returned %d", res);
 
     if (res < 0) {
-        int ssl_err = PR_GetError();
+        int nss_err = PR_GetError();
 
-        if (ssl_err == PR_WOULD_BLOCK_ERROR) {
+        if (nss_err == PR_WOULD_BLOCK_ERROR) {
             /*
              * If NSS wants to write more, and we were nonblocking,
              * report as an EAGAIN.  Otherwise loop, pushing more
@@ -527,8 +527,8 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
              * Log SSL errors
              */
             ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
-                         "SSL library error %d writing data", ssl_err);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
+                         "SSL library error %d writing data", nss_err);
+            nss_log_nss_error(APLOG_MARK, APLOG_INFO, c->base_server);
         }
         if (outctx->rc == APR_SUCCESS) {
             outctx->rc = APR_EGENERAL;
@@ -563,14 +563,14 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
                                alloc)
 
 
-static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
+static void nss_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
 {
     nspr_filter_in_ctx_t *inctx = f->ctx;
     sslconn->ssl = NULL;
     inctx->filter_ctx->pssl = NULL;
 }   
 
-static apr_status_t ssl_io_filter_error(ap_filter_t *f,
+static apr_status_t nss_io_filter_error(ap_filter_t *f,
                                         apr_bucket_brigade *bb,
                                         apr_status_t status)
 {   
@@ -585,8 +585,8 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
                          "SSL handshake failed: HTTP spoken on HTTPS port; "
                          "trying to send HTML error page");
 
-            sslconn->non_ssl_request = 1;
-            ssl_io_filter_disable(sslconn, f);
+            sslconn->non_nss_request = 1;
+            nss_io_filter_disable(sslconn, f);
 
             /* fake the request line */
             bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
@@ -603,9 +603,9 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
     return APR_SUCCESS;
 }
 
-static const char ssl_io_filter[] = "NSS SSL/TLS Filter";
+static const char nss_io_filter[] = "NSS SSL/TLS Filter";
 
-static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
+static apr_status_t nss_filter_io_shutdown(nss_filter_ctx_t *filter_ctx,
                                            conn_rec *c,
                                            int abortive)
 {
@@ -625,7 +625,7 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
                      "Connection to child %ld closed "
                      "(server %s, client %s)",
                      c->id,
-                     ssl_util_vhostid(c->pool, c->base_server),
+                     nss_util_vhostid(c->pool, c->base_server),
                      c->remote_ip ? c->remote_ip : "unknown");
     }
 
@@ -646,9 +646,9 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
     return APR_SUCCESS;
 }
 
-static apr_status_t ssl_io_filter_cleanup(void *data)
+static apr_status_t nss_io_filter_cleanup(void *data)
 {
-    ssl_filter_ctx_t *filter_ctx = data;
+    nss_filter_ctx_t *filter_ctx = data;
 
     if (filter_ctx->pssl) {
         conn_rec *c = filter_ctx->c;
@@ -664,7 +664,7 @@ static apr_status_t ssl_io_filter_cleanup(void *data)
     return APR_SUCCESS;
 }
 
-static apr_status_t ssl_io_filter_input(ap_filter_t *f,
+static apr_status_t nss_io_filter_input(ap_filter_t *f,
                                         apr_bucket_brigade *bb,
                                         ap_input_mode_t mode,
                                         apr_read_type_e block,
@@ -713,10 +713,10 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
         if (readbytes < len) {
             len = (apr_size_t)readbytes;
         }
-        status = ssl_io_input_read(inctx, inctx->buffer, &len);
+        status = nss_io_input_read(inctx, inctx->buffer, &len);
     }
     else if (inctx->mode == AP_MODE_GETLINE) {
-        status = ssl_io_input_getline(inctx, inctx->buffer, &len);
+        status = nss_io_input_getline(inctx, inctx->buffer, &len);
     }
     else {
         /* We have no idea what you are talking about, so return an error. */
@@ -724,7 +724,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
     }
 
     if (status != APR_SUCCESS) {
-        return ssl_io_filter_error(f, bb, status);
+        return nss_io_filter_error(f, bb, status);
     }
 
     /* Create a transient bucket out of the decrypted data. */
@@ -771,7 +771,7 @@ static int nspr_filter_out_flush(nspr_filter_out_ctx_t *outctx)
 static PRInt32 PR_CALLBACK
 nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl)
 {
-    ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+    nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
     nspr_filter_out_ctx_t *outctx = filter_ctx->outctx;
 
     /* pass along the encrypted data
@@ -791,11 +791,11 @@ nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl)
     return inl;
 }
 
-static apr_status_t ssl_io_filter_output(ap_filter_t *f,
+static apr_status_t nss_io_filter_output(ap_filter_t *f,
                                          apr_bucket_brigade *bb)
 {
     apr_status_t status = APR_SUCCESS;
-    ssl_filter_ctx_t *filter_ctx = f->ctx;
+    nss_filter_ctx_t *filter_ctx = f->ctx;
     nspr_filter_in_ctx_t *inctx;
     nspr_filter_out_ctx_t *outctx;
     apr_read_type_e rblock = APR_NONBLOCK_READ;
@@ -806,7 +806,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
     }
 
     if (!filter_ctx->pssl) {
-        /* ssl_filter_io_shutdown was called */
+        /* nss_filter_io_shutdown was called */
         return ap_pass_brigade(f->next, bb);
     }
 
@@ -858,7 +858,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
              * - issue the SSL_shutdown
              */
             filter_ctx->nobuffer = 1;
-            status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
+            status = nss_filter_io_shutdown(filter_ctx, f->c, 0);
             if (status != APR_SUCCESS) {
                 ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
                              "SSL filter error shutting down I/O");
@@ -891,7 +891,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
                 break;
             }
 
-            status = ssl_filter_write(f, data, len);
+            status = nss_filter_write(f, data, len);
             apr_bucket_delete(bucket);
 
             if (status != APR_SUCCESS) {
@@ -902,7 +902,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
     return status;
 }
 
-static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c)
+static void nss_io_output_create(nss_filter_ctx_t *filter_ctx, conn_rec *c)
 {
     nspr_filter_out_ctx_t *outctx = apr_palloc(c->pool, sizeof(*outctx));
 
@@ -916,14 +916,14 @@ static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c)
     return;
 }
 
-static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
+static void nss_io_input_add_filter(nss_filter_ctx_t *filter_ctx, conn_rec *c,
                                     PRFileDesc *ssl)
 {
     nspr_filter_in_ctx_t *inctx;
 
     inctx = apr_palloc(c->pool, sizeof(*inctx));
 
-    filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, NULL, c);
+    filter_ctx->pInputFilter = ap_add_input_filter(nss_io_filter, inctx, NULL, c);
 
     inctx->f = filter_ctx->pInputFilter;
     inctx->rc = APR_SUCCESS;
@@ -937,49 +937,49 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
     filter_ctx->inctx = inctx;
 }
 
-void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl)
+void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl)
 {
-    ssl_filter_ctx_t *filter_ctx;
+    nss_filter_ctx_t *filter_ctx;
 
-    filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
-    filter_ctx->pOutputFilter   = ap_add_output_filter(ssl_io_filter,
+    filter_ctx = apr_palloc(c->pool, sizeof(nss_filter_ctx_t));
+    filter_ctx->pOutputFilter   = ap_add_output_filter(nss_io_filter,
                                                    filter_ctx, NULL, c);
 
-    ssl_io_input_add_filter(filter_ctx, c, ssl);
-    ssl_io_output_create(filter_ctx, c);
+    nss_io_input_add_filter(filter_ctx, c, ssl);
+    nss_io_output_create(filter_ctx, c);
 
     filter_ctx->pssl = ssl;
     filter_ctx->c = c;
     ssl->lower->secret = (PRFilePrivate *)filter_ctx;
 
     apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
-                              ssl_io_filter_cleanup, apr_pool_cleanup_null);
+                              nss_io_filter_cleanup, apr_pool_cleanup_null);
 
     return;
 }
 
-void ssl_io_filter_register(apr_pool_t *p)
+void nss_io_filter_register(apr_pool_t *p)
 {
-    ap_register_input_filter  (ssl_io_filter, ssl_io_filter_input,  NULL, AP_FTYPE_CONNECTION + 5);
-    ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5);  
+    ap_register_input_filter  (nss_io_filter, nss_io_filter_input,  NULL, AP_FTYPE_CONNECTION + 5);
+    ap_register_output_filter (nss_io_filter, nss_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5);  
     return; 
 }
 
-PRFileDesc * ssl_io_new_fd() {
+PRFileDesc * nss_io_new_fd() {
     PRFileDesc *ssl = PR_CreateIOLayerStub(gIdentity, &gMethods);
 
     return ssl;
 }
 
 static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *addr) {
-    ssl_filter_ctx_t *filter_ctx;
+    nss_filter_ctx_t *filter_ctx;
     conn_rec *c;
 
     /* This can occur when doing SSL_ImportFD(NULL, something); */
     if (fd->secret == NULL)
         return PR_FAILURE;
 
-    filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+    filter_ctx = (nss_filter_ctx_t *)(fd->secret);
     c = filter_ctx->c;
 
     return PR_StringToNetAddr(c->remote_ip, addr);
@@ -989,7 +989,7 @@ static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *a
  * Translate NSPR PR_GetSocketOption() calls into apr_socket_opt_get() calls.
  */
 static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocketOptionData *data) {
-    ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+    nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
     conn_rec *c = filter_ctx->c;
     SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */
     apr_int32_t on;
@@ -1050,7 +1050,7 @@ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocket
  * Translate NSPR PR_SetSocketOption() calls into apr_socket_opt_set() calls.
  */
 static PRStatus PR_CALLBACK nspr_filter_setsocketOption(PRFileDesc *fd, const PRSocketOptionData *data) {
-    ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+    nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
     conn_rec *c = filter_ctx->c;
     SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */
     PRStatus rv = PR_FAILURE;
@@ -1132,7 +1132,7 @@ static PRInt32 PR_CALLBACK nspr_filter_send(PRFileDesc *fd, const void *buf, PRI
  * Called once to initialize the NSPR layer that we push for each
  * request.
  */
-int ssl_io_layer_init()
+int nss_io_layer_init()
 {
     const PRIOMethods *defaultMethods;
     int rc = 1;
@@ -1168,17 +1168,17 @@ int ssl_io_layer_init()
 }
 
 SECStatus
-ssl_AuthCertificate(void *arg, PRFileDesc *socket,
+nss_AuthCertificate(void *arg, PRFileDesc *socket,
                   PRBool checksig, PRBool isServer)
 {
     SECStatus           status;
-    ssl_filter_ctx_t   *filter_ctx;
+    nss_filter_ctx_t   *filter_ctx;
 
     if (!arg || !socket) {
         return SECFailure;
     }
 
-    filter_ctx = (ssl_filter_ctx_t *)(socket->lower->secret);
+    filter_ctx = (nss_filter_ctx_t *)(socket->lower->secret);
 
     status = SSL_AuthCertificate(arg, socket, checksig, isServer);
 
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index fb47eff..167b9f0 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -20,7 +20,7 @@ static void HandshakeDone(PRFileDesc *fd, void *doneflag);
 /*
  *  Post Read Request Handler
  */
-int ssl_hook_ReadReq(request_rec *r)
+int nss_hook_ReadReq(request_rec *r)
 {
     SSLConnRec *sslconn = myConnConfig(r->connection);
 
@@ -28,7 +28,7 @@ int ssl_hook_ReadReq(request_rec *r)
         return DECLINED;
     }
 
-    if (sslconn->non_ssl_request) {
+    if (sslconn->non_nss_request) {
         const char *errmsg;
         char *thisurl;
         char *thisport = "";
@@ -56,7 +56,7 @@ int ssl_hook_ReadReq(request_rec *r)
         /* Now that we have caught this error, forget it. we are done
          * with using SSL on this request.
          */
-        sslconn->non_ssl_request = 0;
+        sslconn->non_nss_request = 0;
 
 
         return HTTP_BAD_REQUEST;
@@ -68,7 +68,7 @@ int ssl_hook_ReadReq(request_rec *r)
 /* 
  *  URL Translation Handler
  */
-int ssl_hook_Translate(request_rec *r)
+int nss_hook_Translate(request_rec *r)
 {
     SSLConnRec *sslconn = myConnConfig(r->connection);
  
@@ -86,7 +86,7 @@ int ssl_hook_Translate(request_rec *r)
                      apr_psprintf(r->pool, "Subsequent (No.%d)",
                                   r->connection->keepalives+1)),
                      r->connection->id,
-                     ssl_util_vhostid(r->pool, r->server));
+                     nss_util_vhostid(r->pool, r->server));
     }
 
     return DECLINED;
@@ -96,14 +96,14 @@ int ssl_hook_Translate(request_rec *r)
 /*
  *  Access Handler
  */
-int ssl_hook_Access(request_rec *r)
+int nss_hook_Access(request_rec *r)
 {
     SSLDirConfigRec *dc = myDirConfig(r);
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
     SSLConnRec *sslconn = myConnConfig(r->connection);
     PRFileDesc *ssl     = sslconn ? sslconn->ssl : NULL;
     apr_array_header_t *requires; 
-    ssl_require_t *ssl_requires; 
+    nss_require_t *nss_requires; 
     char *cp;
     int ok, i;
     BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
@@ -159,7 +159,7 @@ int ssl_hook_Access(request_rec *r)
      */
     
     /*
-     * Override of SSLCipherSuite
+     * Override of NSSCipherSuite
      *
      * We provide two options here:
      *
@@ -176,7 +176,7 @@ int ssl_hook_Access(request_rec *r)
      *   cipher suite we're happy. Because we can assume we would have
      *   selected it again even when other (better) ciphers exists now in the
      *   new cipher suite. This approach is fine because the user explicitly
-     *   has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
+     *   has to enable this via ``NSSOptions +OptRenegotiate''. So we do no
      *   implicit optimizations.
      */
     if (dc->szCipherSuite) {
@@ -197,12 +197,12 @@ int ssl_hook_Access(request_rec *r)
         /* configure new state */
 
         ciphers = strdup(dc->szCipherSuite);
-        if (ssl_parse_ciphers(r->server, ciphers, ciphers_new) < 0) {
+        if (nss_parse_ciphers(r->server, ciphers, ciphers_new) < 0) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
                          r->server,
                          "Unable to reconfigure (per-directory) "
                          "permitted SSL ciphers");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+            nss_log_nss_error(APLOG_MARK, APLOG_ERR, r->server);
             free(ciphers);
     
             return HTTP_FORBIDDEN;
@@ -382,7 +382,7 @@ int ssl_hook_Access(request_rec *r)
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                      "SSL Re-negotiation in conjunction "
                      "with POST method not supported!"
-                     "hint: try SSLOptions +OptRenegotiate");
+                     "hint: try NSSOptions +OptRenegotiate");
 
         return HTTP_METHOD_NOT_ALLOWED;
     }
@@ -525,7 +525,7 @@ int ssl_hook_Access(request_rec *r)
      * we need to postpone setting the username until later.
      */
     if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
-        char *val = ssl_var_lookup(r->pool, r->server, r->connection,
+        char *val = nss_var_lookup(r->pool, r->server, r->connection,
                                    r, (char *)dc->szUserName);
         if (val && val[0])
             r->user = val;
@@ -535,17 +535,17 @@ int ssl_hook_Access(request_rec *r)
      * Check SSLRequire boolean expressions
      */
     requires = dc->aRequirement;
-    ssl_requires = (ssl_require_t *)requires->elts;
+    nss_requires = (nss_require_t *)requires->elts;
 
     for (i = 0; i < requires->nelts; i++) {
-        ssl_require_t *req = &ssl_requires[i];
-        ok = ssl_expr_exec(r, req->mpExpr);
+        nss_require_t *req = &nss_requires[i];
+        ok = nss_expr_exec(r, req->mpExpr);
 
         if (ok < 0) {
             cp = apr_psprintf(r->pool,
                               "Failed to execute "
                               "SSL requirement expression: %s",
-                              ssl_expr_get_error());
+                              nss_expr_get_error());
 
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                           "access to %s failed, reason: %s",
@@ -598,7 +598,7 @@ int ssl_hook_Access(request_rec *r)
  *  authenticates a user.  This means that the Module statement for this
  *  module should be LAST in the Configuration file.
  */
-int ssl_hook_UserCheck(request_rec *r)
+int nss_hook_UserCheck(request_rec *r)
 {
     SSLConnRec *sslconn = myConnConfig(r->connection);
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -650,7 +650,7 @@ int ssl_hook_UserCheck(request_rec *r)
 
     /* 
      * We decline operation in various situations...
-     * - SSLOptions +FakeBasicAuth not configured
+     * - NSSOptions +FakeBasicAuth not configured
      * - r->user already authenticated
      * - ssl not enabled
      * - client did not present a certificate
@@ -697,11 +697,11 @@ int ssl_hook_UserCheck(request_rec *r)
 }
 
 /* authorization phase */
-int ssl_hook_Auth(request_rec *r)
+int nss_hook_Auth(request_rec *r)
 {
     SSLDirConfigRec *dc = myDirConfig(r);
 
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "ssl_hook_Auth");
+    ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "nss_hook_Auth");
     /*
      * Additionally forbid access (again) 
      * when strict require option is used.
@@ -719,7 +719,7 @@ int ssl_hook_Auth(request_rec *r)
  *   Fixup Handler
  */ 
     
-static const char *ssl_hook_Fixup_vars[] = {
+static const char *nss_hook_Fixup_vars[] = {
     "SSL_VERSION_INTERFACE",
     "SSL_VERSION_LIBRARY",
     "SSL_PROTOCOL",
@@ -800,7 +800,7 @@ static const char *ssl_hook_Fixup_vars[] = {
     NULL
 };
 
-int ssl_hook_Fixup(request_rec *r)
+int nss_hook_Fixup(request_rec *r)
 {
     SSLConnRec *sslconn = myConnConfig(r->connection);
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -823,7 +823,7 @@ int ssl_hook_Fixup(request_rec *r)
      * Set r->user if requested
      */
     if (dc->szUserName) {
-        val = ssl_var_lookup(r->pool, r->server, r->connection,
+        val = nss_var_lookup(r->pool, r->server, r->connection,
                              r, (char *)dc->szUserName);
         if (val && val[0]) {
             r->user = val;
@@ -838,9 +838,9 @@ int ssl_hook_Fixup(request_rec *r)
 
     /* standard SSL environment variables */
     if (dc->nOptions & SSL_OPT_STDENVVARS) {
-        for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
-            var = (char *)ssl_hook_Fixup_vars[i];
-            val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
+        for (i = 0; nss_hook_Fixup_vars[i]; i++) {
+            var = (char *)nss_hook_Fixup_vars[i];
+            val = nss_var_lookup(r->pool, r->server, r->connection, r, var);
             if (!strIsEmpty(val)) {
                 apr_table_setn(env, var, val);
             }
@@ -851,12 +851,12 @@ int ssl_hook_Fixup(request_rec *r)
      * On-demand bloat up the SSI/CGI environment with certificate data
      */
     if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
-        val = ssl_var_lookup(r->pool, r->server, r->connection,
+        val = nss_var_lookup(r->pool, r->server, r->connection,
                              r, "SSL_SERVER_CERT");
 
         apr_table_setn(env, "SSL_SERVER_CERT", val);
 
-        val = ssl_var_lookup(r->pool, r->server, r->connection,
+        val = nss_var_lookup(r->pool, r->server, r->connection,
                              r, "SSL_CLIENT_CERT");
 
         apr_table_setn(env, "SSL_CLIENT_CERT", val);
@@ -879,7 +879,7 @@ int ssl_hook_Fixup(request_rec *r)
 
             for (i = 0; i < n; i++) {
                 var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
-                val = ssl_var_lookup(r->pool, r->server, r->connection,
+                val = nss_var_lookup(r->pool, r->server, r->connection,
                                      r, var);
                 if (val) {
                     apr_table_setn(env, var, val);
diff --git a/nss_engine_log.c b/nss_engine_log.c
index f3f1566..1bb18e5 100644
--- a/nss_engine_log.c
+++ b/nss_engine_log.c
@@ -182,7 +182,7 @@ l_error_t libsec_errors[] = {
     { 144, "SEC_ERROR_OCSP_INVALID_SIGNING_CERT - OCSP signer certificate not found, not trusted or invalid." }
 };
 
-l_error_t libssl_errors[] = {
+l_error_t libnss_errors[] = {
     {  0, "Client does not support high-grade encryption" },
     {  1, "Client requires high-grade encryption which is not supported" },
     {  2, "No common encryption algorithm(s) with client" },
@@ -288,7 +288,7 @@ l_error_t libssl_errors[] = {
     { 102, "Peer does not permit renegotiation of SSL security parameters" }
 };
 
-void ssl_die(void) 
+void nss_die(void) 
 {
     /*
      * This is used for fatal errors and here
@@ -298,7 +298,7 @@ void ssl_die(void)
     exit(1); 
 }
 
-void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s)
+void nss_log_nss_error(const char *file, int line, int level, server_rec *s)
 {
     const char *err;
     PRInt32 error;
@@ -312,7 +312,7 @@ void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s)
         err = libsec_errors[error-LIBSEC_ERROR_BASE].errorString;
     } else if ((error >= LIBSSL_ERROR_BASE) &&
         (error <= LIBSSL_MAX_ERROR)) {
-        err = libssl_errors[error-LIBSSL_ERROR_BASE].errorString;
+        err = libnss_errors[error-LIBSSL_ERROR_BASE].errorString;
     } else {
          err = "Unknown";
     }
diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c
index cb6643d..61324d7 100644
--- a/nss_engine_pphrase.c
+++ b/nss_engine_pphrase.c
@@ -22,10 +22,10 @@ typedef struct {
     PRInt32 retryCount;
 } pphrase_arg_t;
 
-static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg);
-static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg);
-static unsigned char * ssl_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg);
-static PRBool ssl_check_password(unsigned char *cp);
+static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg);
+static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg);
+static unsigned char * nss_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg);
+static PRBool nss_check_password(unsigned char *cp);
 static void echoOff(int fd);
 static void echoOn(int fd);
 
@@ -40,7 +40,7 @@ static char * prompt;
  *  be authenticated and others will not be.
  */
 
-SECStatus ssl_Init_Tokens(server_rec *s)
+SECStatus nss_Init_Tokens(server_rec *s)
 {
     PK11SlotList        *slotList;
     PK11SlotListElement *listEntry;
@@ -52,7 +52,7 @@ SECStatus ssl_Init_Tokens(server_rec *s)
     parg->mc = mc;
     parg->retryCount = 0;
 
-    PK11_SetPasswordFunc(ssl_password_prompt);
+    PK11_SetPasswordFunc(nss_password_prompt);
 
     slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL);
 
@@ -85,7 +85,7 @@ SECStatus ssl_Init_Tokens(server_rec *s)
      * reset NSS password callback to blank, so that the server won't prompt
      * again after initialization is done.
      */
-    PK11_SetPasswordFunc(ssl_no_password);
+    PK11_SetPasswordFunc(nss_no_password);
 
     free(parg);
     return status; 
@@ -95,7 +95,7 @@ SECStatus ssl_Init_Tokens(server_rec *s)
  * Wrapper callback function that prompts the user for the token password
  * up to 3 times.
  */
-static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
+static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
 {
     char *passwd = NULL;
     pphrase_arg_t *parg = (pphrase_arg_t *)arg;
@@ -106,12 +106,12 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
     prompt = PR_smprintf("Please enter password for \"%s\" token:", PK11_GetTokenName(slot));
     if (parg == NULL) {
         // should not happen
-        passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, 0);
+        passwd = nss_get_password(stdin, stdout, slot, nss_check_password, 0);
     } else {
         if (parg->retryCount > 2) {
             passwd = NULL; // abort after 2 retries (3 failed attempts)
         } else {
-            passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, parg);
+            passwd = nss_get_password(stdin, stdout, slot, nss_check_password, parg);
         }
     }
 
@@ -126,7 +126,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
         if (!APR_STATUS_IS_SUCCESS(rv)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
                 "Unable to write to pin store for slot: %s APR err: %d",  PK11_GetTokenName(slot), rv);
-            ssl_die();
+            nss_die();
         }
 
         /* Check the result. We don't really care what we got back as long
@@ -143,7 +143,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
            (res != PIN_SUCCESS && res != PIN_INCORRECTPW)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
                 "Unable to read from pin store for slot: %s APR err: %d",  PK11_GetTokenName(slot), rv);
-            ssl_die();
+            nss_die();
         }
     }
 
@@ -155,7 +155,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
  * any actual enforcement here but it demonstrates the sorts of things
  * that may be done.
  */ 
-static PRBool ssl_check_password(unsigned char *cp)
+static PRBool nss_check_password(unsigned char *cp)
 {
     int len;
     unsigned char *end, ch;
@@ -180,7 +180,7 @@ static PRBool ssl_check_password(unsigned char *cp)
  * Password callback so the user is not prompted to enter the password
  * after the server starts.
  */
-static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
+static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
 {
    return NULL;
 }
@@ -190,7 +190,7 @@ static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
  * twiddling with the tty. Alternatively, if the file password.conf
  * exists then it may be used to store the token password(s).
  */
-static unsigned char *ssl_get_password(FILE *input, FILE *output,
+static unsigned char *nss_get_password(FILE *input, FILE *output,
                                        PK11SlotInfo *slot,
                                        PRBool (*ok)(unsigned char *),
                                        pphrase_arg_t *parg)
@@ -229,7 +229,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output,
         } else {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
                  "Unable to open password file %s", parg->mc->pphrase_dialog_path);
-            ssl_die();
+            nss_die();
         }
     }
 
@@ -246,7 +246,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output,
         if (!APR_STATUS_IS_SUCCESS(rv)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
                 "Unable to write to pin store for slot: %s APR err: %d",  PK11_GetTokenName(slot), rv);
-            ssl_die();
+            nss_die();
         }
 
         /* The helper just returns a token pw or "", so we don't have much
@@ -257,7 +257,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output,
         if (!APR_STATUS_IS_SUCCESS(rv)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
                 "Unable to read from pin store for slot: %s APR err: %d",  PK11_GetTokenName(slot), rv);
-            ssl_die();
+            nss_die();
         }
 
         /* Just return what we got. If we got this far and we don't have a 
diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index 8cb24ce..22d7978 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -26,33 +26,33 @@
 #define CERT_NOTBEFORE 0
 #define CERT_NOTAFTER  1
 
-static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name);
-static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var);
-static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c);
-static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var);
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type);
-static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var);
-static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs);
-static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c);
-static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var);
-static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
-static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c);
-
-static int ssl_is_https(conn_rec *c)
+static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name);
+static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var);
+static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c);
+static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var);
+static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type);
+static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var);
+static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs);
+static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c);
+static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var);
+static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var);
+static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c);
+
+static int nss_is_https(conn_rec *c)
 {
     SSLConnRec *sslconn = myConnConfig(c);
     return sslconn && sslconn->ssl;
 }
 
-void ssl_var_register(void)
+void nss_var_register(void)
 {
-    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
-    APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+    APR_REGISTER_OPTIONAL_FN(nss_is_https);
+    APR_REGISTER_OPTIONAL_FN(nss_var_lookup);
     return;
 }
 
 /* This function must remain safe to use for a non-SSL connection. */
-char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
+char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
 {
     SSLModConfigRec *mc = myModConfig(s);
     char *result;
@@ -79,22 +79,22 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
      */
     if (r != NULL) {
         if (strcEQ(var, "HTTP_USER_AGENT"))
-            result = ssl_var_lookup_header(p, r, "User-Agent");
+            result = nss_var_lookup_header(p, r, "User-Agent");
         else if (strcEQ(var, "HTTP_REFERER"))
-            result = ssl_var_lookup_header(p, r, "Referer");
+            result = nss_var_lookup_header(p, r, "Referer");
         else if (strcEQ(var, "HTTP_COOKIE"))
-            result = ssl_var_lookup_header(p, r, "Cookie");
+            result = nss_var_lookup_header(p, r, "Cookie");
         else if (strcEQ(var, "HTTP_FORWARDED"))
-            result = ssl_var_lookup_header(p, r, "Forwarded");
+            result = nss_var_lookup_header(p, r, "Forwarded");
         else if (strcEQ(var, "HTTP_HOST"))
-            result = ssl_var_lookup_header(p, r, "Host");
+            result = nss_var_lookup_header(p, r, "Host");
         else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
-            result = ssl_var_lookup_header(p, r, "Proxy-Connection");
+            result = nss_var_lookup_header(p, r, "Proxy-Connection");
         else if (strcEQ(var, "HTTP_ACCEPT"))
-            result = ssl_var_lookup_header(p, r, "Accept");
+            result = nss_var_lookup_header(p, r, "Accept");
         else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
             /* all other headers from which we are still not know about */
-            result = ssl_var_lookup_header(p, r, var+5);
+            result = nss_var_lookup_header(p, r, var+5);
         else if (strcEQ(var, "THE_REQUEST"))
             result = r->the_request;
         else if (strcEQ(var, "REQUEST_METHOD"))
@@ -142,7 +142,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
             result = r->ap_auth_type;
         else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) 
                  && sslconn && sslconn->ssl)
-            result = ssl_var_lookup_ssl(p, c, var+4);
+            result = nss_var_lookup_ssl(p, c, var+4);
         else if (strcEQ(var, "HTTPS")) {
             if (sslconn && sslconn->ssl)
                 result = "on";
@@ -156,7 +156,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
      */
     if (result == NULL) {
         if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
-            result = ssl_var_lookup_ssl_version(p, var+12);
+            result = nss_var_lookup_nss_version(p, var+12);
         else if (strcEQ(var, "SERVER_SOFTWARE"))
             result = (char *)ap_get_server_version();
         else if (strcEQ(var, "API_VERSION")) {
@@ -216,7 +216,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
     return result;
 }
 
-static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
+static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
 {
     char *hdr = NULL;
 
@@ -225,7 +225,7 @@ static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *na
     return hdr;
 }
 
-static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
+static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
 {
     SSLConnRec *sslconn = myConnConfig(c);
     char *result;
@@ -236,10 +236,10 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
 
     ssl = sslconn->ssl;
     if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
-        result = ssl_var_lookup_ssl_version(p, var+8);
+        result = nss_var_lookup_nss_version(p, var+8);
     }
     else if (ssl != NULL && strcEQ(var, "PROTOCOL")) {
-        result = (char *)ssl_var_lookup_protocol_version(p, c);
+        result = (char *)nss_var_lookup_protocol_version(p, c);
     }
     else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
         char *idstr;
@@ -258,27 +258,27 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
         SECITEM_FreeItem(iditem, PR_TRUE);
     }
     else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
-        result = ssl_var_lookup_ssl_cipher(p, c, var+6);
+        result = nss_var_lookup_nss_cipher(p, c, var+6);
     }
     else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
         xs = SSL_PeerCertificate(ssl);
         if (xs != NULL) {
-            result = ssl_var_lookup_ssl_cert_chain(p, xs, var+18);
+            result = nss_var_lookup_nss_cert_chain(p, xs, var+18);
             CERT_DestroyCertificate(xs);
         }
     }
     else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
-        result = ssl_var_lookup_ssl_cert_verify(p, c);
+        result = nss_var_lookup_nss_cert_verify(p, c);
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
         if ((xs = SSL_PeerCertificate(ssl)) != NULL) {
-            result = ssl_var_lookup_ssl_cert(p, xs, var+7, c);
+            result = nss_var_lookup_nss_cert(p, xs, var+7, c);
             CERT_DestroyCertificate(xs);
         }
     }
     else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
         if ((xs = SSL_LocalCertificate(ssl)) != NULL) {
-            result = ssl_var_lookup_ssl_cert(p, xs, var+7, c);
+            result = nss_var_lookup_nss_cert(p, xs, var+7, c);
             CERT_DestroyCertificate(xs);
         }
     }
@@ -286,7 +286,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
     return result;
 }
 
-static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c)
+static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c)
 {
     char *result;
     BOOL resdup;
@@ -304,10 +304,10 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
         resdup = FALSE;
     }
     else if (strcEQ(var, "V_START")) {
-        result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTBEFORE);
+        result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTBEFORE);
     }
     else if (strcEQ(var, "V_END")) {
-        result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTAFTER);
+        result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTAFTER);
     }
     else if (strcEQ(var, "S_DN")) {
         xsname = CERT_NameToAscii(&xs->subject);
@@ -316,7 +316,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
-        result = ssl_var_lookup_ssl_cert_dn(p, &xs->subject, var+5);
+        result = nss_var_lookup_nss_cert_dn(p, &xs->subject, var+5);
         resdup = FALSE;
     }
     else if (strcEQ(var, "I_DN")) {
@@ -326,7 +326,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
         resdup = FALSE;
     }
     else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
-        result = ssl_var_lookup_ssl_cert_dn(p, &xs->issuer, var+5);
+        result = nss_var_lookup_nss_cert_dn(p, &xs->issuer, var+5);
         resdup = FALSE;
     }
     else if (strcEQ(var, "A_SIG")) {
@@ -367,7 +367,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
         resdup = FALSE;
     }
     else if (strcEQ(var, "CERT")) {
-        result = ssl_var_lookup_ssl_cert_PEM(p, xs);
+        result = nss_var_lookup_nss_cert_PEM(p, xs);
     }
 
     if (result != NULL && resdup)
@@ -375,7 +375,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
     return result;
 }
 
-static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var)
+static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var)
 {
     char *result;
     char *rv;
@@ -413,7 +413,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var
     return result;
 }
 
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type)
+static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type)
 {
     char *result;
     PRExplodedTime   printableTime;
@@ -436,7 +436,7 @@ static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, i
     return result;
 }
 
-static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var)
+static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var)
 {
     char *result;
     CERTCertificateList *chain = NULL;
@@ -454,7 +454,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,
         if (n <= chain->len-1) {
             CERTCertificate *c;
             c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &chain->certs[n]);
-            result = ssl_var_lookup_ssl_cert_PEM(p, c);
+            result = nss_var_lookup_nss_cert_PEM(p, c);
             CERT_DestroyCertificate(c);
         }
     }
@@ -466,7 +466,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,
 
 #define CERT_HEADER  "-----BEGIN CERTIFICATE-----\n"
 #define CERT_TRAILER "\n-----END CERTIFICATE-----\n"
-static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs)
+static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs)
 {
     char * result = NULL;
     char * tmp = NULL;
@@ -503,7 +503,7 @@ static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs)
     return result;
 }
 
-static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
+static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c)
 {
     SSLConnRec *sslconn = myConnConfig(c);
     char *result;
@@ -538,7 +538,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
     return result;
 }
 
-static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
+static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var)
 {
     SSLConnRec *sslconn = myConnConfig(c);    
     char *result;
@@ -588,7 +588,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
     return result;
 }
 
-static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var)
+static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var)
 {
     char *result;
 
@@ -610,7 +610,7 @@ static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var)
     return result;
 }
 
-static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) 
+static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) 
 {
     char *result;
     SSLChannelInfo      channel;
@@ -651,22 +651,22 @@ static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c)
 
 #include "mod_log_config.h"
 
-static const char *ssl_var_log_handler_c(request_rec *r, char *a);
-static const char *ssl_var_log_handler_x(request_rec *r, char *a);
+static const char *nss_var_log_handler_c(request_rec *r, char *a);
+static const char *nss_var_log_handler_x(request_rec *r, char *a);
 
 /*
  * register us for the mod_log_config function registering phase
  * to establish %{...}c and to be able to expand %{...}x variables.
  */
-void ssl_var_log_config_register(apr_pool_t *p)
+void nss_var_log_config_register(apr_pool_t *p)
 {
     static APR_OPTIONAL_FN_TYPE(ap_register_log_handler) *log_pfn_register;
 
     log_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_log_handler);
 
     if (log_pfn_register) {
-        log_pfn_register(p, "c", ssl_var_log_handler_c, 0);
-        log_pfn_register(p, "x", ssl_var_log_handler_x, 0);
+        log_pfn_register(p, "c", nss_var_log_handler_c, 0);
+        log_pfn_register(p, "x", nss_var_log_handler_x, 0);
     }
     return;
 }
@@ -675,7 +675,7 @@ void ssl_var_log_config_register(apr_pool_t *p)
  * implement the %{..}c log function
  * (we are the only function)
  */
-static const char *ssl_var_log_handler_c(request_rec *r, char *a)
+static const char *nss_var_log_handler_c(request_rec *r, char *a)
 {
     SSLConnRec *sslconn = myConnConfig(r->connection);
     char *result; 
@@ -684,13 +684,13 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
         return NULL;
     result = NULL;
     if (strEQ(a, "version"))
-        result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL");
+        result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL");
     else if (strEQ(a, "cipher"))
-        result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER");
+        result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER");
     else if (strEQ(a, "subjectdn") || strEQ(a, "clientcert"))
-        result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN");
+        result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN");
     else if (strEQ(a, "issuerdn") || strEQ(a, "cacert"))
-        result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN");
+        result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN");
     else if (strEQ(a, "errcode"))
         result = "-";
     if (result != NULL && result[0] == NUL)
@@ -702,11 +702,11 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
  * extend the implementation of the %{..}x log function
  * (there can be more functions)
  */
-static const char *ssl_var_log_handler_x(request_rec *r, char *a)
+static const char *nss_var_log_handler_x(request_rec *r, char *a)
 {
     char *result;
 
-    result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
+    result = nss_var_lookup(r->pool, r->server, r->connection, r, a);
     if (result != NULL && result[0] == NUL)
         result = NULL;
     return result;
diff --git a/nss_expr.c b/nss_expr.c
index 1e6e445..22da3d6 100644
--- a/nss_expr.c
+++ b/nss_expr.c
@@ -13,19 +13,6 @@
  * limitations under the License.
  */
 
-/*                      _             _
- *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
- * | | | | | | (_) | (_| |   \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- *                      |_____|
- *  ssl_expr.c
- *  Expression Handling
- */
-                             /* ``It is hard to fly with
-                                  the eagles when you work
-                                  with the turkeys.''
-                                          -- Unknown  */
 #include "mod_nss.h"
 
 /*  _________________________________________________________________
@@ -34,47 +21,47 @@
 **  _________________________________________________________________
 */
 
-ssl_expr_info_type ssl_expr_info;
-char              *ssl_expr_error;
+nss_expr_info_type nss_expr_info;
+char              *nss_expr_error;
 
-ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr)
+nss_expr *nss_expr_comp(apr_pool_t *p, char *expr)
 {
-    ssl_expr_info.pool       = p;
-    ssl_expr_info.inputbuf   = expr;
-    ssl_expr_info.inputlen   = strlen(expr);
-    ssl_expr_info.inputptr   = ssl_expr_info.inputbuf;
-    ssl_expr_info.expr       = FALSE;
+    nss_expr_info.pool       = p;
+    nss_expr_info.inputbuf   = expr;
+    nss_expr_info.inputlen   = strlen(expr);
+    nss_expr_info.inputptr   = nss_expr_info.inputbuf;
+    nss_expr_info.expr       = FALSE;
 
-    ssl_expr_error = NULL;
-    if (ssl_expr_yyparse())
+    nss_expr_error = NULL;
+    if (nss_expr_yyparse())
         return NULL;
-    return ssl_expr_info.expr;
+    return nss_expr_info.expr;
 }
 
-char *ssl_expr_get_error(void)
+char *nss_expr_get_error(void)
 {
-    if (ssl_expr_error == NULL)
+    if (nss_expr_error == NULL)
         return "";
-    return ssl_expr_error;
+    return nss_expr_error;
 }
 
-ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2)
+nss_expr *nss_expr_make(nss_expr_node_op op, void *a1, void *a2)
 {
-    ssl_expr *node;
+    nss_expr *node;
 
-    node = (ssl_expr *)apr_palloc(ssl_expr_info.pool, sizeof(ssl_expr));
+    node = (nss_expr *)apr_palloc(nss_expr_info.pool, sizeof(nss_expr));
     node->node_op   = op;
     node->node_arg1 = (char *)a1;
     node->node_arg2 = (char *)a2;
     return node;
 }
 
-int ssl_expr_exec(request_rec *r, ssl_expr *expr)
+int nss_expr_exec(request_rec *r, nss_expr *expr)
 {
     BOOL rc;
 
-    rc = ssl_expr_eval(r, expr);
-    if (ssl_expr_error != NULL)
+    rc = nss_expr_eval(r, expr);
+    if (nss_expr_error != NULL)
         return (-1);
     else
         return (rc ? 1 : 0);
diff --git a/nss_expr.h b/nss_expr.h
index 8399159..462f36c 100644
--- a/nss_expr.h
+++ b/nss_expr.h
@@ -13,19 +13,8 @@
  * limitations under the License.
  */
 
-/*                      _             _
- *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
- * | | | | | | (_) | (_| |   \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- *                      |_____|
- *  ssl_expr.h
- *  Expression Handling (Header)
- */
-                             /* ``May all your PUSHes be POPed.'' */
-
-#ifndef __SSL_EXPR_H__
-#define __SSL_EXPR_H__
+#ifndef __NSS_EXPR_H__
+#define __NSS_EXPR_H__
 
 #ifndef FALSE
 #define FALSE 0
@@ -64,40 +53,40 @@ typedef enum {
     op_True, op_False, op_Not, op_Or, op_And, op_Comp,
     op_EQ, op_NE, op_LT, op_LE, op_GT, op_GE, op_IN, op_REG, op_NRE,
     op_Digit, op_String, op_Regex, op_Var, op_Func
-} ssl_expr_node_op;
+} nss_expr_node_op;
 
 typedef struct {
-    ssl_expr_node_op node_op;
+    nss_expr_node_op node_op;
     void *node_arg1;
     void *node_arg2;
     apr_pool_t *p;
-} ssl_expr_node;
+} nss_expr_node;
 
-typedef ssl_expr_node ssl_expr;
+typedef nss_expr_node nss_expr;
 
 typedef struct {
 	apr_pool_t *pool;
     char     *inputbuf;
     int       inputlen;
     char     *inputptr;
-    ssl_expr *expr;
-} ssl_expr_info_type;
+    nss_expr *expr;
+} nss_expr_info_type;
 
-extern ssl_expr_info_type ssl_expr_info;
-extern char *ssl_expr_error;
+extern nss_expr_info_type nss_expr_info;
+extern char *nss_expr_error;
 
-#define yylval  ssl_expr_yylval
-#define yyerror ssl_expr_yyerror
-#define yyinput ssl_expr_yyinput
+#define yylval  nss_expr_yylval
+#define yyerror nss_expr_yyerror
+#define yyinput nss_expr_yyinput
 
-extern int ssl_expr_yyparse(void);
-extern int ssl_expr_yyerror(char *);
-extern int ssl_expr_yylex(void);
+extern int nss_expr_yyparse(void);
+extern int nss_expr_yyerror(char *);
+extern int nss_expr_yylex(void);
 
-extern ssl_expr *ssl_expr_comp(apr_pool_t *, char *);
-extern int       ssl_expr_exec(request_rec *, ssl_expr *);
-extern char     *ssl_expr_get_error(void);
-extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *);
-extern BOOL      ssl_expr_eval(request_rec *, ssl_expr *);
+extern nss_expr *nss_expr_comp(apr_pool_t *, char *);
+extern int       nss_expr_exec(request_rec *, nss_expr *);
+extern char     *nss_expr_get_error(void);
+extern nss_expr *nss_expr_make(nss_expr_node_op, void *, void *);
+extern BOOL      nss_expr_eval(request_rec *, nss_expr *);
 
-#endif /* __SSL_EXPR_H__ */
+#endif /* __NSS_EXPR_H__ */
diff --git a/nss_expr_eval.c b/nss_expr_eval.c
index c3aa316..ff0545c 100644
--- a/nss_expr_eval.c
+++ b/nss_expr_eval.c
@@ -13,18 +13,6 @@
  * limitations under the License.
  */
 
-/*                      _             _
- *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
- * | | | | | | (_) | (_| |   \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- *                      |_____|
- *  ssl_expr_eval.c
- *  Expression Evaluation
- */
-                             /* ``Make love,
-                                  not software!''
-                                        -- Unknown */
 #include "mod_nss.h"
 
 /*  _________________________________________________________________
@@ -33,12 +21,12 @@
 **  _________________________________________________________________
 */
 
-static BOOL  ssl_expr_eval_comp(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_word(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_func_file(request_rec *, char *);
-static int   ssl_expr_eval_strcmplex(char *, char *);
+static BOOL  nss_expr_eval_comp(request_rec *, nss_expr *);
+static char *nss_expr_eval_word(request_rec *, nss_expr *);
+static char *nss_expr_eval_func_file(request_rec *, char *);
+static int   nss_expr_eval_strcmplex(char *, char *);
 
-BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
+BOOL nss_expr_eval(request_rec *r, nss_expr *node)
 {
     switch (node->node_op) {
         case op_True: {
@@ -48,73 +36,73 @@ BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
             return FALSE;
         }
         case op_Not: {
-            ssl_expr *e = (ssl_expr *)node->node_arg1;
-            return (!ssl_expr_eval(r, e));
+            nss_expr *e = (nss_expr *)node->node_arg1;
+            return (!nss_expr_eval(r, e));
         }
         case op_Or: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2));
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (nss_expr_eval(r, e1) || nss_expr_eval(r, e2));
         }
         case op_And: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2));
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (nss_expr_eval(r, e1) && nss_expr_eval(r, e2));
         }
         case op_Comp: {
-            ssl_expr *e = (ssl_expr *)node->node_arg1;
-            return ssl_expr_eval_comp(r, e);
+            nss_expr *e = (nss_expr *)node->node_arg1;
+            return nss_expr_eval_comp(r, e);
         }
         default: {
-            ssl_expr_error = "Internal evaluation error: Unknown expression node";
+            nss_expr_error = "Internal evaluation error: Unknown expression node";
             return FALSE;
         }
     }
 }
 
-static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
+static BOOL nss_expr_eval_comp(request_rec *r, nss_expr *node)
 {
     switch (node->node_op) {
         case op_EQ: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0);
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) == 0);
         }
         case op_NE: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0);
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) != 0);
         }
         case op_LT: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <  0);
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) <  0);
         }
         case op_LE: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0);
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) <= 0);
         }
         case op_GT: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >  0);
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) >  0);
         }
         case op_GE: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0);
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) >= 0);
         }
         case op_IN: {
-            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
-            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
-            ssl_expr *e3;
-            char *w1 = ssl_expr_eval_word(r, e1);
+            nss_expr *e1 = (nss_expr *)node->node_arg1;
+            nss_expr *e2 = (nss_expr *)node->node_arg2;
+            nss_expr *e3;
+            char *w1 = nss_expr_eval_word(r, e1);
             BOOL found = FALSE;
             do {
-                e3 = (ssl_expr *)e2->node_arg1;
-                e2 = (ssl_expr *)e2->node_arg2;
-                if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) {
+                e3 = (nss_expr *)e2->node_arg1;
+                e2 = (nss_expr *)e2->node_arg2;
+                if (strcmp(w1, nss_expr_eval_word(r, e3)) == 0) {
                     found = TRUE;
                     break;
                 }
@@ -122,37 +110,37 @@ static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
             return found;
         }
         case op_REG: {
-            ssl_expr *e1;
-            ssl_expr *e2;
+            nss_expr *e1;
+            nss_expr *e2;
             char *word;
             regex_t *regex;
 
-            e1 = (ssl_expr *)node->node_arg1;
-            e2 = (ssl_expr *)node->node_arg2;
-            word = ssl_expr_eval_word(r, e1);
+            e1 = (nss_expr *)node->node_arg1;
+            e2 = (nss_expr *)node->node_arg2;
+            word = nss_expr_eval_word(r, e1);
             regex = (regex_t *)(e2->node_arg1);
             return (ap_regexec(regex, word, 0, NULL, 0) == 0);
         }
         case op_NRE: {
-            ssl_expr *e1;
-            ssl_expr *e2;
+            nss_expr *e1;
+            nss_expr *e2;
             char *word;
             regex_t *regex;
 
-            e1 = (ssl_expr *)node->node_arg1;
-            e2 = (ssl_expr *)node->node_arg2;
-            word = ssl_expr_eval_word(r, e1);
+            e1 = (nss_expr *)node->node_arg1;
+            e2 = (nss_expr *)node->node_arg2;
+            word = nss_expr_eval_word(r, e1);
             regex = (regex_t *)(e2->node_arg1);
             return !(ap_regexec(regex, word, 0, NULL, 0) == 0);
         }
         default: {
-            ssl_expr_error = "Internal evaluation error: Unknown expression node";
+            nss_expr_error = "Internal evaluation error: Unknown expression node";
             return FALSE;
         }
     }
 }
 
-static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
+static char *nss_expr_eval_word(request_rec *r, nss_expr *node)
 {
     switch (node->node_op) {
         case op_Digit: {
@@ -165,27 +153,27 @@ static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
         }
         case op_Var: {
             char *var = (char *)node->node_arg1;
-            char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
+            char *val = nss_var_lookup(r->pool, r->server, r->connection, r, var);
             return (val == NULL ? "" : val);
         }
         case op_Func: {
             char *name = (char *)node->node_arg1;
-            ssl_expr *args = (ssl_expr *)node->node_arg2;
+            nss_expr *args = (nss_expr *)node->node_arg2;
             if (strEQ(name, "file"))
-                return ssl_expr_eval_func_file(r, (char *)(args->node_arg1));
+                return nss_expr_eval_func_file(r, (char *)(args->node_arg1));
             else {
-                ssl_expr_error = "Internal evaluation error: Unknown function name";
+                nss_expr_error = "Internal evaluation error: Unknown function name";
                 return "";
             }
         }
         default: {
-            ssl_expr_error = "Internal evaluation error: Unknown expression node";
+            nss_expr_error = "Internal evaluation error: Unknown expression node";
             return FALSE;
         }
     }
 }
 
-static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
+static char *nss_expr_eval_func_file(request_rec *r, char *filename)
 {
     apr_file_t *fp;
     char *buf;
@@ -195,12 +183,12 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
 
     if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED, 
                       APR_OS_DEFAULT, r->pool) != APR_SUCCESS) {
-        ssl_expr_error = "Cannot open file";
+        nss_expr_error = "Cannot open file";
         return "";
     }
     apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
     if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) {
-        ssl_expr_error = "Huge file cannot be read";
+        nss_expr_error = "Huge file cannot be read";
         apr_file_close(fp);
         return "";
     }
@@ -211,14 +199,14 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
     }
     else {
         if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) {
-            ssl_expr_error = "Cannot allocate memory";
+            nss_expr_error = "Cannot allocate memory";
             apr_file_close(fp);
             return "";
         }
         offset = 0;
         apr_file_seek(fp, APR_SET, &offset);
         if (apr_file_read(fp, buf, &len) != APR_SUCCESS) {
-            ssl_expr_error = "Cannot read from file";
+            nss_expr_error = "Cannot read from file";
             apr_file_close(fp);
             return "";
         }
@@ -229,7 +217,7 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
 }
 
 /* a variant of strcmp(3) which works correctly also for number strings */
-static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
+static int nss_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
 {
     int i, n1, n2;
 
diff --git a/ssl_expr_parse.c b/nss_expr_parse.c
similarity index 53%
rename from ssl_expr_parse.c
rename to nss_expr_parse.c
index 2eed2a0..cdca82e 100644
--- a/ssl_expr_parse.c
+++ b/nss_expr_parse.c
@@ -1,5 +1,5 @@
 
-/*  A Bison parser, made from ssl_expr_parse.y
+/*  A Bison parser, made from nss_expr_parse.y
     by GNU Bison version 1.28  */
 
 #define YYBISON 1  /* Identify Bison output.  */
@@ -25,14 +25,14 @@
 #define	T_OP_AND	275
 #define	T_OP_NOT	276
 
-#line 34 "ssl_expr_parse.y"
+#line 22 "nss_expr_parse.y"
 
 #include "mod_nss.h"
 
-#line 38 "ssl_expr_parse.y"
+#line 26 "nss_expr_parse.y"
 typedef union {
     char     *cpVal;
-    ssl_expr *exVal;
+    nss_expr *exVal;
 } YYSTYPE;
 #include <stdio.h>
 
@@ -48,9 +48,9 @@ typedef union {
 #define	YYFLAG		-32768
 #define	YYNTBASE	29
 
-#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? ssl_expr_yytranslate[x] : 36)
+#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? nss_expr_yytranslate[x] : 36)
 
-static const char ssl_expr_yytranslate[] = {     0,
+static const char nss_expr_yytranslate[] = {     0,
      2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
      2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
      2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
@@ -82,13 +82,13 @@ static const char ssl_expr_yytranslate[] = {     0,
 };
 
 #if YYDEBUG != 0
-static const short ssl_expr_yyprhs[] = {     0,
+static const short nss_expr_yyprhs[] = {     0,
      0,     2,     4,     6,     9,    13,    17,    19,    23,    27,
     31,    35,    39,    43,    47,    53,    57,    61,    63,    67,
     69,    71,    76,    78,    80,    82
 };
 
-static const short ssl_expr_yyrhs[] = {    30,
+static const short nss_expr_yyrhs[] = {    30,
      0,     3,     0,     4,     0,    22,    30,     0,    30,    20,
     30,     0,    30,    21,    30,     0,    31,     0,    23,    30,
     24,     0,    33,    11,    33,     0,    33,    12,    33,     0,
@@ -103,17 +103,17 @@ static const short ssl_expr_yyrhs[] = {    30,
 #endif
 
 #if YYDEBUG != 0
-static const short ssl_expr_yyrline[] = { 0,
-    81,    84,    85,    86,    87,    88,    89,    90,    93,    94,
-    95,    96,    97,    98,    99,   100,   101,   104,   105,   108,
-   109,   110,   111,   114,   123,   134
+static const short nss_expr_yyrline[] = { 0,
+    69,    72,    73,    74,    75,    76,    77,    78,    81,    82,
+    83,    84,    85,    86,    87,    88,    89,    92,    93,    96,
+    97,    98,    99,   102,   111,   122
 };
 #endif
 
 
 #if YYDEBUG != 0 || defined (YYERROR_VERBOSE)
 
-static const char * const ssl_expr_yytname[] = {   "$","error","$undefined.","T_TRUE",
+static const char * const nss_expr_yytname[] = {   "$","error","$undefined.","T_TRUE",
 "T_FALSE","T_DIGIT","T_ID","T_STRING","T_REGEX","T_REGEX_I","T_FUNC_FILE","T_OP_EQ",
 "T_OP_NE","T_OP_LT","T_OP_LE","T_OP_GT","T_OP_GE","T_OP_REG","T_OP_NRE","T_OP_IN",
 "T_OP_OR","T_OP_AND","T_OP_NOT","'('","')'","'{'","'}'","','","'%'","root","expr",
@@ -121,19 +121,19 @@ static const char * const ssl_expr_yytname[] = {   "$","error","$undefined.","T_
 };
 #endif
 
-static const short ssl_expr_yyr1[] = {     0,
+static const short nss_expr_yyr1[] = {     0,
     29,    30,    30,    30,    30,    30,    30,    30,    31,    31,
     31,    31,    31,    31,    31,    31,    31,    32,    32,    33,
     33,    33,    33,    34,    34,    35
 };
 
-static const short ssl_expr_yyr2[] = {     0,
+static const short nss_expr_yyr2[] = {     0,
      1,     1,     1,     2,     3,     3,     1,     3,     3,     3,
      3,     3,     3,     3,     5,     3,     3,     1,     3,     1,
      1,     4,     1,     1,     1,     4
 };
 
-static const short ssl_expr_yydefact[] = {     0,
+static const short nss_expr_yydefact[] = {     0,
      2,     3,    20,    21,     0,     0,     0,     0,     1,     7,
      0,    23,     0,     4,     0,     0,     0,     0,     0,     0,
      0,     0,     0,     0,     0,     0,     0,     0,     8,     0,
@@ -142,11 +142,11 @@ static const short ssl_expr_yydefact[] = {     0,
      0,     0,     0
 };
 
-static const short ssl_expr_yydefgoto[] = {    51,
+static const short nss_expr_yydefgoto[] = {    51,
      9,    10,    46,    11,    41,    12
 };
 
-static const short ssl_expr_yypact[] = {     3,
+static const short nss_expr_yypact[] = {     3,
 -32768,-32768,-32768,-32768,   -11,     3,     3,   -10,     0,-32768,
     22,-32768,    16,-32768,    -2,    23,     3,     3,     4,     4,
      4,     4,     4,     4,    34,    34,    21,    24,-32768,    25,
@@ -155,7 +155,7 @@ static const short ssl_expr_yypact[] = {     3,
     49,    50,-32768
 };
 
-static const short ssl_expr_yypgoto[] = {-32768,
+static const short nss_expr_yypgoto[] = {-32768,
     10,-32768,-32768,   -19,    27,-32768
 };
 
@@ -163,7 +163,7 @@ static const short ssl_expr_yypgoto[] = {-32768,
 #define	YYLAST		53
 
 
-static const short ssl_expr_yytable[] = {    33,
+static const short nss_expr_yytable[] = {    33,
     34,    35,    36,    37,    38,     1,     2,     3,     3,     4,
      4,    13,     5,     5,    16,    14,    15,    17,    18,    17,
     18,    29,    28,    47,     6,     7,    31,    32,    30,    50,
@@ -172,7 +172,7 @@ static const short ssl_expr_yytable[] = {    33,
     45,     0,    42
 };
 
-static const short ssl_expr_yycheck[] = {    19,
+static const short nss_expr_yycheck[] = {    19,
     20,    21,    22,    23,    24,     3,     4,     5,     5,     7,
      7,    23,    10,    10,    25,     6,     7,    20,    21,    20,
     21,    24,     7,    43,    22,    23,    17,    18,     6,    49,
@@ -264,50 +264,50 @@ static const short ssl_expr_yycheck[] = {    19,
    It is replaced by the list of actions, each action
    as one case of the switch.  */
 
-#define ssl_expr_yyerrok		(ssl_expr_yyerrstatus = 0)
-#define ssl_expr_yyclearin	(ssl_expr_yychar = YYEMPTY)
+#define nss_expr_yyerrok		(nss_expr_yyerrstatus = 0)
+#define nss_expr_yyclearin	(nss_expr_yychar = YYEMPTY)
 #define YYEMPTY		-2
 #define YYEOF		0
-#define YYACCEPT	goto ssl_expr_yyacceptlab
-#define YYABORT 	goto ssl_expr_yyabortlab
-#define YYERROR		goto ssl_expr_yyerrlab1
-/* Like YYERROR except do call ssl_expr_yyerror.
+#define YYACCEPT	goto nss_expr_yyacceptlab
+#define YYABORT 	goto nss_expr_yyabortlab
+#define YYERROR		goto nss_expr_yyerrlab1
+/* Like YYERROR except do call nss_expr_yyerror.
    This remains here temporarily to ease the
    transition to the new meaning of YYERROR, for GCC.
    Once GCC version 2 has supplanted version 1, this can go.  */
-#define YYFAIL		goto ssl_expr_yyerrlab
-#define YYRECOVERING()  (!!ssl_expr_yyerrstatus)
+#define YYFAIL		goto nss_expr_yyerrlab
+#define YYRECOVERING()  (!!nss_expr_yyerrstatus)
 #define YYBACKUP(token, value) \
 do								\
-  if (ssl_expr_yychar == YYEMPTY && ssl_expr_yylen == 1)				\
-    { ssl_expr_yychar = (token), ssl_expr_yylval = (value);			\
-      ssl_expr_yychar1 = YYTRANSLATE (ssl_expr_yychar);				\
+  if (nss_expr_yychar == YYEMPTY && nss_expr_yylen == 1)				\
+    { nss_expr_yychar = (token), nss_expr_yylval = (value);			\
+      nss_expr_yychar1 = YYTRANSLATE (nss_expr_yychar);				\
       YYPOPSTACK;						\
-      goto ssl_expr_yybackup;						\
+      goto nss_expr_yybackup;						\
     }								\
   else								\
-    { ssl_expr_yyerror ("syntax error: cannot back up"); YYERROR; }	\
+    { nss_expr_yyerror ("syntax error: cannot back up"); YYERROR; }	\
 while (0)
 
 #define YYTERROR	1
 #define YYERRCODE	256
 
 #ifndef YYPURE
-#define YYLEX		ssl_expr_yylex()
+#define YYLEX		nss_expr_yylex()
 #endif
 
 #ifdef YYPURE
 #ifdef YYLSP_NEEDED
 #ifdef YYLEX_PARAM
-#define YYLEX		ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc, YYLEX_PARAM)
+#define YYLEX		nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc, YYLEX_PARAM)
 #else
-#define YYLEX		ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc)
+#define YYLEX		nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc)
 #endif
 #else /* not YYLSP_NEEDED */
 #ifdef YYLEX_PARAM
-#define YYLEX		ssl_expr_yylex(&ssl_expr_yylval, YYLEX_PARAM)
+#define YYLEX		nss_expr_yylex(&nss_expr_yylval, YYLEX_PARAM)
 #else
-#define YYLEX		ssl_expr_yylex(&ssl_expr_yylval)
+#define YYLEX		nss_expr_yylex(&nss_expr_yylval)
 #endif
 #endif /* not YYLSP_NEEDED */
 #endif
@@ -316,20 +316,20 @@ while (0)
 
 #ifndef YYPURE
 
-int	ssl_expr_yychar;			/*  the lookahead symbol		*/
-YYSTYPE	ssl_expr_yylval;			/*  the semantic value of the		*/
+int	nss_expr_yychar;			/*  the lookahead symbol		*/
+YYSTYPE	nss_expr_yylval;			/*  the semantic value of the		*/
 				/*  lookahead symbol			*/
 
 #ifdef YYLSP_NEEDED
-YYLTYPE ssl_expr_yylloc;			/*  location data for the lookahead	*/
+YYLTYPE nss_expr_yylloc;			/*  location data for the lookahead	*/
 				/*  symbol				*/
 #endif
 
-int ssl_expr_yynerrs;			/*  number of parse errors so far       */
+int nss_expr_yynerrs;			/*  number of parse errors so far       */
 #endif  /* not YYPURE */
 
 #if YYDEBUG != 0
-int ssl_expr_yydebug;			/*  nonzero means print parse trace	*/
+int nss_expr_yydebug;			/*  nonzero means print parse trace	*/
 /* Since this is uninitialized, it does not stop multiple parsers
    from coexisting.  */
 #endif
@@ -351,20 +351,20 @@ int ssl_expr_yydebug;			/*  nonzero means print parse trace	*/
 #define YYMAXDEPTH 10000
 #endif
 

-/* Define __ssl_expr_yy_memcpy.  Note that the size argument
+/* Define __nss_expr_yy_memcpy.  Note that the size argument
    should be passed with type unsigned int, because that is what the non-GCC
    definitions require.  With GCC, __builtin_memcpy takes an arg
    of type size_t, but it can handle unsigned int.  */
 
 #if __GNUC__ > 1		/* GNU C and GNU C++ define this.  */
-#define __ssl_expr_yy_memcpy(TO,FROM,COUNT)	__builtin_memcpy(TO,FROM,COUNT)
+#define __nss_expr_yy_memcpy(TO,FROM,COUNT)	__builtin_memcpy(TO,FROM,COUNT)
 #else				/* not GNU C or C++ */
 #ifndef __cplusplus
 
 /* This is the most reliable way to avoid incompatibilities
    in available built-in functions on various systems.  */
 static void
-__ssl_expr_yy_memcpy (to, from, count)
+__nss_expr_yy_memcpy (to, from, count)
      char *to;
      char *from;
      unsigned int count;
@@ -382,7 +382,7 @@ __ssl_expr_yy_memcpy (to, from, count)
 /* This is the most reliable way to avoid incompatibilities
    in available built-in functions on various systems.  */
 static void
-__ssl_expr_yy_memcpy (char *to, char *from, unsigned int count)
+__nss_expr_yy_memcpy (char *to, char *from, unsigned int count)
 {
   register char *t = to;
   register char *f = from;
@@ -398,7 +398,7 @@ __ssl_expr_yy_memcpy (char *to, char *from, unsigned int count)
 #line 217 "/usr/lib/bison.simple"
 
 /* The user can define YYPARSE_PARAM as the name of an argument to be passed
-   into ssl_expr_yyparse.  The argument should have type void *.
+   into nss_expr_yyparse.  The argument should have type void *.
    It should actually point to an object.
    Grammar actions can access the variable by casting it
    to the proper pointer type.  */
@@ -419,470 +419,470 @@ __ssl_expr_yy_memcpy (char *to, char *from, unsigned int count)
 /* Prevent warning if -Wstrict-prototypes.  */
 #ifdef __GNUC__
 #ifdef YYPARSE_PARAM
-int ssl_expr_yyparse (void *);
+int nss_expr_yyparse (void *);
 #else
-int ssl_expr_yyparse (void);
+int nss_expr_yyparse (void);
 #endif
 #endif
 
 int
-ssl_expr_yyparse(YYPARSE_PARAM_ARG)
+nss_expr_yyparse(YYPARSE_PARAM_ARG)
      YYPARSE_PARAM_DECL
 {
-  register int ssl_expr_yystate;
-  register int ssl_expr_yyn;
-  register short *ssl_expr_yyssp;
-  register YYSTYPE *ssl_expr_yyvsp;
-  int ssl_expr_yyerrstatus;	/*  number of tokens to shift before error messages enabled */
-  int ssl_expr_yychar1 = 0;		/*  lookahead token as an internal (translated) token number */
+  register int nss_expr_yystate;
+  register int nss_expr_yyn;
+  register short *nss_expr_yyssp;
+  register YYSTYPE *nss_expr_yyvsp;
+  int nss_expr_yyerrstatus;	/*  number of tokens to shift before error messages enabled */
+  int nss_expr_yychar1 = 0;		/*  lookahead token as an internal (translated) token number */
 
-  short	ssl_expr_yyssa[YYINITDEPTH];	/*  the state stack			*/
-  YYSTYPE ssl_expr_yyvsa[YYINITDEPTH];	/*  the semantic value stack		*/
+  short	nss_expr_yyssa[YYINITDEPTH];	/*  the state stack			*/
+  YYSTYPE nss_expr_yyvsa[YYINITDEPTH];	/*  the semantic value stack		*/
 
-  short *ssl_expr_yyss = ssl_expr_yyssa;		/*  refer to the stacks thru separate pointers */
-  YYSTYPE *ssl_expr_yyvs = ssl_expr_yyvsa;	/*  to allow ssl_expr_yyoverflow to reallocate them elsewhere */
+  short *nss_expr_yyss = nss_expr_yyssa;		/*  refer to the stacks thru separate pointers */
+  YYSTYPE *nss_expr_yyvs = nss_expr_yyvsa;	/*  to allow nss_expr_yyoverflow to reallocate them elsewhere */
 
 #ifdef YYLSP_NEEDED
-  YYLTYPE ssl_expr_yylsa[YYINITDEPTH];	/*  the location stack			*/
-  YYLTYPE *ssl_expr_yyls = ssl_expr_yylsa;
-  YYLTYPE *ssl_expr_yylsp;
+  YYLTYPE nss_expr_yylsa[YYINITDEPTH];	/*  the location stack			*/
+  YYLTYPE *nss_expr_yyls = nss_expr_yylsa;
+  YYLTYPE *nss_expr_yylsp;
 
-#define YYPOPSTACK   (ssl_expr_yyvsp--, ssl_expr_yyssp--, ssl_expr_yylsp--)
+#define YYPOPSTACK   (nss_expr_yyvsp--, nss_expr_yyssp--, nss_expr_yylsp--)
 #else
-#define YYPOPSTACK   (ssl_expr_yyvsp--, ssl_expr_yyssp--)
+#define YYPOPSTACK   (nss_expr_yyvsp--, nss_expr_yyssp--)
 #endif
 
-  int ssl_expr_yystacksize = YYINITDEPTH;
-  int ssl_expr_yyfree_stacks = 0;
+  int nss_expr_yystacksize = YYINITDEPTH;
+  int nss_expr_yyfree_stacks = 0;
 
 #ifdef YYPURE
-  int ssl_expr_yychar;
-  YYSTYPE ssl_expr_yylval;
-  int ssl_expr_yynerrs;
+  int nss_expr_yychar;
+  YYSTYPE nss_expr_yylval;
+  int nss_expr_yynerrs;
 #ifdef YYLSP_NEEDED
-  YYLTYPE ssl_expr_yylloc;
+  YYLTYPE nss_expr_yylloc;
 #endif
 #endif
 
-  YYSTYPE ssl_expr_yyval;		/*  the variable used to return		*/
+  YYSTYPE nss_expr_yyval;		/*  the variable used to return		*/
 				/*  semantic values from the action	*/
 				/*  routines				*/
 
-  int ssl_expr_yylen;
+  int nss_expr_yylen;
 
 #if YYDEBUG != 0
-  if (ssl_expr_yydebug)
+  if (nss_expr_yydebug)
     fprintf(stderr, "Starting parse\n");
 #endif
 
-  ssl_expr_yystate = 0;
-  ssl_expr_yyerrstatus = 0;
-  ssl_expr_yynerrs = 0;
-  ssl_expr_yychar = YYEMPTY;		/* Cause a token to be read.  */
+  nss_expr_yystate = 0;
+  nss_expr_yyerrstatus = 0;
+  nss_expr_yynerrs = 0;
+  nss_expr_yychar = YYEMPTY;		/* Cause a token to be read.  */
 
   /* Initialize stack pointers.
      Waste one element of value and location stack
      so that they stay on the same level as the state stack.
      The wasted elements are never initialized.  */
 
-  ssl_expr_yyssp = ssl_expr_yyss - 1;
-  ssl_expr_yyvsp = ssl_expr_yyvs;
+  nss_expr_yyssp = nss_expr_yyss - 1;
+  nss_expr_yyvsp = nss_expr_yyvs;
 #ifdef YYLSP_NEEDED
-  ssl_expr_yylsp = ssl_expr_yyls;
+  nss_expr_yylsp = nss_expr_yyls;
 #endif
 
-/* Push a new state, which is found in  ssl_expr_yystate  .  */
+/* Push a new state, which is found in  nss_expr_yystate  .  */
 /* In all cases, when you get here, the value and location stacks
    have just been pushed. so pushing a state here evens the stacks.  */
-ssl_expr_yynewstate:
+nss_expr_yynewstate:
 
-  *++ssl_expr_yyssp = ssl_expr_yystate;
+  *++nss_expr_yyssp = nss_expr_yystate;
 
-  if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1)
+  if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1)
     {
       /* Give user a chance to reallocate the stack */
       /* Use copies of these so that the &'s don't force the real ones into memory. */
-      YYSTYPE *ssl_expr_yyvs1 = ssl_expr_yyvs;
-      short *ssl_expr_yyss1 = ssl_expr_yyss;
+      YYSTYPE *nss_expr_yyvs1 = nss_expr_yyvs;
+      short *nss_expr_yyss1 = nss_expr_yyss;
 #ifdef YYLSP_NEEDED
-      YYLTYPE *ssl_expr_yyls1 = ssl_expr_yyls;
+      YYLTYPE *nss_expr_yyls1 = nss_expr_yyls;
 #endif
 
       /* Get the current used size of the three stacks, in elements.  */
-      int size = ssl_expr_yyssp - ssl_expr_yyss + 1;
+      int size = nss_expr_yyssp - nss_expr_yyss + 1;
 
-#ifdef ssl_expr_yyoverflow
+#ifdef nss_expr_yyoverflow
       /* Each stack pointer address is followed by the size of
 	 the data in use in that stack, in bytes.  */
 #ifdef YYLSP_NEEDED
       /* This used to be a conditional around just the two extra args,
-	 but that might be undefined if ssl_expr_yyoverflow is a macro.  */
-      ssl_expr_yyoverflow("parser stack overflow",
-		 &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp),
-		 &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp),
-		 &ssl_expr_yyls1, size * sizeof (*ssl_expr_yylsp),
-		 &ssl_expr_yystacksize);
+	 but that might be undefined if nss_expr_yyoverflow is a macro.  */
+      nss_expr_yyoverflow("parser stack overflow",
+		 &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp),
+		 &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp),
+		 &nss_expr_yyls1, size * sizeof (*nss_expr_yylsp),
+		 &nss_expr_yystacksize);
 #else
-      ssl_expr_yyoverflow("parser stack overflow",
-		 &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp),
-		 &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp),
-		 &ssl_expr_yystacksize);
+      nss_expr_yyoverflow("parser stack overflow",
+		 &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp),
+		 &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp),
+		 &nss_expr_yystacksize);
 #endif
 
-      ssl_expr_yyss = ssl_expr_yyss1; ssl_expr_yyvs = ssl_expr_yyvs1;
+      nss_expr_yyss = nss_expr_yyss1; nss_expr_yyvs = nss_expr_yyvs1;
 #ifdef YYLSP_NEEDED
-      ssl_expr_yyls = ssl_expr_yyls1;
+      nss_expr_yyls = nss_expr_yyls1;
 #endif
-#else /* no ssl_expr_yyoverflow */
+#else /* no nss_expr_yyoverflow */
       /* Extend the stack our own way.  */
-      if (ssl_expr_yystacksize >= YYMAXDEPTH)
+      if (nss_expr_yystacksize >= YYMAXDEPTH)
 	{
-	  ssl_expr_yyerror("parser stack overflow");
-	  if (ssl_expr_yyfree_stacks)
+	  nss_expr_yyerror("parser stack overflow");
+	  if (nss_expr_yyfree_stacks)
 	    {
-	      free (ssl_expr_yyss);
-	      free (ssl_expr_yyvs);
+	      free (nss_expr_yyss);
+	      free (nss_expr_yyvs);
 #ifdef YYLSP_NEEDED
-	      free (ssl_expr_yyls);
+	      free (nss_expr_yyls);
 #endif
 	    }
 	  return 2;
 	}
-      ssl_expr_yystacksize *= 2;
-      if (ssl_expr_yystacksize > YYMAXDEPTH)
-	ssl_expr_yystacksize = YYMAXDEPTH;
+      nss_expr_yystacksize *= 2;
+      if (nss_expr_yystacksize > YYMAXDEPTH)
+	nss_expr_yystacksize = YYMAXDEPTH;
 #ifndef YYSTACK_USE_ALLOCA
-      ssl_expr_yyfree_stacks = 1;
+      nss_expr_yyfree_stacks = 1;
 #endif
-      ssl_expr_yyss = (short *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyssp));
-      __ssl_expr_yy_memcpy ((char *)ssl_expr_yyss, (char *)ssl_expr_yyss1,
-		   size * (unsigned int) sizeof (*ssl_expr_yyssp));
-      ssl_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyvsp));
-      __ssl_expr_yy_memcpy ((char *)ssl_expr_yyvs, (char *)ssl_expr_yyvs1,
-		   size * (unsigned int) sizeof (*ssl_expr_yyvsp));
+      nss_expr_yyss = (short *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyssp));
+      __nss_expr_yy_memcpy ((char *)nss_expr_yyss, (char *)nss_expr_yyss1,
+		   size * (unsigned int) sizeof (*nss_expr_yyssp));
+      nss_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyvsp));
+      __nss_expr_yy_memcpy ((char *)nss_expr_yyvs, (char *)nss_expr_yyvs1,
+		   size * (unsigned int) sizeof (*nss_expr_yyvsp));
 #ifdef YYLSP_NEEDED
-      ssl_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yylsp));
-      __ssl_expr_yy_memcpy ((char *)ssl_expr_yyls, (char *)ssl_expr_yyls1,
-		   size * (unsigned int) sizeof (*ssl_expr_yylsp));
+      nss_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yylsp));
+      __nss_expr_yy_memcpy ((char *)nss_expr_yyls, (char *)nss_expr_yyls1,
+		   size * (unsigned int) sizeof (*nss_expr_yylsp));
 #endif
-#endif /* no ssl_expr_yyoverflow */
+#endif /* no nss_expr_yyoverflow */
 
-      ssl_expr_yyssp = ssl_expr_yyss + size - 1;
-      ssl_expr_yyvsp = ssl_expr_yyvs + size - 1;
+      nss_expr_yyssp = nss_expr_yyss + size - 1;
+      nss_expr_yyvsp = nss_expr_yyvs + size - 1;
 #ifdef YYLSP_NEEDED
-      ssl_expr_yylsp = ssl_expr_yyls + size - 1;
+      nss_expr_yylsp = nss_expr_yyls + size - 1;
 #endif
 
 #if YYDEBUG != 0
-      if (ssl_expr_yydebug)
-	fprintf(stderr, "Stack size increased to %d\n", ssl_expr_yystacksize);
+      if (nss_expr_yydebug)
+	fprintf(stderr, "Stack size increased to %d\n", nss_expr_yystacksize);
 #endif
 
-      if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1)
+      if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1)
 	YYABORT;
     }
 
 #if YYDEBUG != 0
-  if (ssl_expr_yydebug)
-    fprintf(stderr, "Entering state %d\n", ssl_expr_yystate);
+  if (nss_expr_yydebug)
+    fprintf(stderr, "Entering state %d\n", nss_expr_yystate);
 #endif
 
-  goto ssl_expr_yybackup;
- ssl_expr_yybackup:
+  goto nss_expr_yybackup;
+ nss_expr_yybackup:
 
 /* Do appropriate processing given the current state.  */
 /* Read a lookahead token if we need one and don't already have one.  */
-/* ssl_expr_yyresume: */
+/* nss_expr_yyresume: */
 
   /* First try to decide what to do without reference to lookahead token.  */
 
-  ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
-  if (ssl_expr_yyn == YYFLAG)
-    goto ssl_expr_yydefault;
+  nss_expr_yyn = nss_expr_yypact[nss_expr_yystate];
+  if (nss_expr_yyn == YYFLAG)
+    goto nss_expr_yydefault;
 
   /* Not known => get a lookahead token if don't already have one.  */
 
-  /* ssl_expr_yychar is either YYEMPTY or YYEOF
+  /* nss_expr_yychar is either YYEMPTY or YYEOF
      or a valid token in external form.  */
 
-  if (ssl_expr_yychar == YYEMPTY)
+  if (nss_expr_yychar == YYEMPTY)
     {
 #if YYDEBUG != 0
-      if (ssl_expr_yydebug)
+      if (nss_expr_yydebug)
 	fprintf(stderr, "Reading a token: ");
 #endif
-      ssl_expr_yychar = YYLEX;
+      nss_expr_yychar = YYLEX;
     }
 
-  /* Convert token to internal form (in ssl_expr_yychar1) for indexing tables with */
+  /* Convert token to internal form (in nss_expr_yychar1) for indexing tables with */
 
-  if (ssl_expr_yychar <= 0)		/* This means end of input. */
+  if (nss_expr_yychar <= 0)		/* This means end of input. */
     {
-      ssl_expr_yychar1 = 0;
-      ssl_expr_yychar = YYEOF;		/* Don't call YYLEX any more */
+      nss_expr_yychar1 = 0;
+      nss_expr_yychar = YYEOF;		/* Don't call YYLEX any more */
 
 #if YYDEBUG != 0
-      if (ssl_expr_yydebug)
+      if (nss_expr_yydebug)
 	fprintf(stderr, "Now at end of input.\n");
 #endif
     }
   else
     {
-      ssl_expr_yychar1 = YYTRANSLATE(ssl_expr_yychar);
+      nss_expr_yychar1 = YYTRANSLATE(nss_expr_yychar);
 
 #if YYDEBUG != 0
-      if (ssl_expr_yydebug)
+      if (nss_expr_yydebug)
 	{
-	  fprintf (stderr, "Next token is %d (%s", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
+	  fprintf (stderr, "Next token is %d (%s", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]);
 	  /* Give the individual parser a way to print the precise meaning
 	     of a token, for further debugging info.  */
 #ifdef YYPRINT
-	  YYPRINT (stderr, ssl_expr_yychar, ssl_expr_yylval);
+	  YYPRINT (stderr, nss_expr_yychar, nss_expr_yylval);
 #endif
 	  fprintf (stderr, ")\n");
 	}
 #endif
     }
 
-  ssl_expr_yyn += ssl_expr_yychar1;
-  if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != ssl_expr_yychar1)
-    goto ssl_expr_yydefault;
+  nss_expr_yyn += nss_expr_yychar1;
+  if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != nss_expr_yychar1)
+    goto nss_expr_yydefault;
 
-  ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn];
+  nss_expr_yyn = nss_expr_yytable[nss_expr_yyn];
 
-  /* ssl_expr_yyn is what to do for this token type in this state.
-     Negative => reduce, -ssl_expr_yyn is rule number.
-     Positive => shift, ssl_expr_yyn is new state.
+  /* nss_expr_yyn is what to do for this token type in this state.
+     Negative => reduce, -nss_expr_yyn is rule number.
+     Positive => shift, nss_expr_yyn is new state.
        New state is final state => don't bother to shift,
        just return success.
      0, or most negative number => error.  */
 
-  if (ssl_expr_yyn < 0)
+  if (nss_expr_yyn < 0)
     {
-      if (ssl_expr_yyn == YYFLAG)
-	goto ssl_expr_yyerrlab;
-      ssl_expr_yyn = -ssl_expr_yyn;
-      goto ssl_expr_yyreduce;
+      if (nss_expr_yyn == YYFLAG)
+	goto nss_expr_yyerrlab;
+      nss_expr_yyn = -nss_expr_yyn;
+      goto nss_expr_yyreduce;
     }
-  else if (ssl_expr_yyn == 0)
-    goto ssl_expr_yyerrlab;
+  else if (nss_expr_yyn == 0)
+    goto nss_expr_yyerrlab;
 
-  if (ssl_expr_yyn == YYFINAL)
+  if (nss_expr_yyn == YYFINAL)
     YYACCEPT;
 
   /* Shift the lookahead token.  */
 
 #if YYDEBUG != 0
-  if (ssl_expr_yydebug)
-    fprintf(stderr, "Shifting token %d (%s), ", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
+  if (nss_expr_yydebug)
+    fprintf(stderr, "Shifting token %d (%s), ", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]);
 #endif
 
   /* Discard the token being shifted unless it is eof.  */
-  if (ssl_expr_yychar != YYEOF)
-    ssl_expr_yychar = YYEMPTY;
+  if (nss_expr_yychar != YYEOF)
+    nss_expr_yychar = YYEMPTY;
 
-  *++ssl_expr_yyvsp = ssl_expr_yylval;
+  *++nss_expr_yyvsp = nss_expr_yylval;
 #ifdef YYLSP_NEEDED
-  *++ssl_expr_yylsp = ssl_expr_yylloc;
+  *++nss_expr_yylsp = nss_expr_yylloc;
 #endif
 
   /* count tokens shifted since error; after three, turn off error status.  */
-  if (ssl_expr_yyerrstatus) ssl_expr_yyerrstatus--;
+  if (nss_expr_yyerrstatus) nss_expr_yyerrstatus--;
 
-  ssl_expr_yystate = ssl_expr_yyn;
-  goto ssl_expr_yynewstate;
+  nss_expr_yystate = nss_expr_yyn;
+  goto nss_expr_yynewstate;
 
 /* Do the default action for the current state.  */
-ssl_expr_yydefault:
+nss_expr_yydefault:
 
-  ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate];
-  if (ssl_expr_yyn == 0)
-    goto ssl_expr_yyerrlab;
+  nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate];
+  if (nss_expr_yyn == 0)
+    goto nss_expr_yyerrlab;
 
-/* Do a reduction.  ssl_expr_yyn is the number of a rule to reduce with.  */
-ssl_expr_yyreduce:
-  ssl_expr_yylen = ssl_expr_yyr2[ssl_expr_yyn];
-  if (ssl_expr_yylen > 0)
-    ssl_expr_yyval = ssl_expr_yyvsp[1-ssl_expr_yylen]; /* implement default value of the action */
+/* Do a reduction.  nss_expr_yyn is the number of a rule to reduce with.  */
+nss_expr_yyreduce:
+  nss_expr_yylen = nss_expr_yyr2[nss_expr_yyn];
+  if (nss_expr_yylen > 0)
+    nss_expr_yyval = nss_expr_yyvsp[1-nss_expr_yylen]; /* implement default value of the action */
 
 #if YYDEBUG != 0
-  if (ssl_expr_yydebug)
+  if (nss_expr_yydebug)
     {
       int i;
 
       fprintf (stderr, "Reducing via rule %d (line %d), ",
-	       ssl_expr_yyn, ssl_expr_yyrline[ssl_expr_yyn]);
+	       nss_expr_yyn, nss_expr_yyrline[nss_expr_yyn]);
 
       /* Print the symbols being reduced, and their result.  */
-      for (i = ssl_expr_yyprhs[ssl_expr_yyn]; ssl_expr_yyrhs[i] > 0; i++)
-	fprintf (stderr, "%s ", ssl_expr_yytname[ssl_expr_yyrhs[i]]);
-      fprintf (stderr, " -> %s\n", ssl_expr_yytname[ssl_expr_yyr1[ssl_expr_yyn]]);
+      for (i = nss_expr_yyprhs[nss_expr_yyn]; nss_expr_yyrhs[i] > 0; i++)
+	fprintf (stderr, "%s ", nss_expr_yytname[nss_expr_yyrhs[i]]);
+      fprintf (stderr, " -> %s\n", nss_expr_yytname[nss_expr_yyr1[nss_expr_yyn]]);
     }
 #endif
 
 
-  switch (ssl_expr_yyn) {
+  switch (nss_expr_yyn) {
 
 case 1:
-#line 81 "ssl_expr_parse.y"
-{ ssl_expr_info.expr = ssl_expr_yyvsp[0].exVal; ;
+#line 69 "nss_expr_parse.y"
+{ nss_expr_info.expr = nss_expr_yyvsp[0].exVal; ;
     break;}
 case 2:
-#line 84 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_True,  NULL, NULL); ;
+#line 72 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_True,  NULL, NULL); ;
     break;}
 case 3:
-#line 85 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_False, NULL, NULL); ;
+#line 73 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_False, NULL, NULL); ;
     break;}
 case 4:
-#line 86 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Not,   ssl_expr_yyvsp[0].exVal,   NULL); ;
+#line 74 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Not,   nss_expr_yyvsp[0].exVal,   NULL); ;
     break;}
 case 5:
-#line 87 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Or,    ssl_expr_yyvsp[-2].exVal,   ssl_expr_yyvsp[0].exVal);   ;
+#line 75 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Or,    nss_expr_yyvsp[-2].exVal,   nss_expr_yyvsp[0].exVal);   ;
     break;}
 case 6:
-#line 88 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_And,   ssl_expr_yyvsp[-2].exVal,   ssl_expr_yyvsp[0].exVal);   ;
+#line 76 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_And,   nss_expr_yyvsp[-2].exVal,   nss_expr_yyvsp[0].exVal);   ;
     break;}
 case 7:
-#line 89 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Comp,  ssl_expr_yyvsp[0].exVal,   NULL); ;
+#line 77 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Comp,  nss_expr_yyvsp[0].exVal,   NULL); ;
     break;}
 case 8:
-#line 90 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[-1].exVal; ;
+#line 78 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_yyvsp[-1].exVal; ;
     break;}
 case 9:
-#line 93 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_EQ,  ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 81 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_EQ,  nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 10:
-#line 94 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_NE,  ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 82 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_NE,  nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 11:
-#line 95 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_LT,  ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 83 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_LT,  nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 12:
-#line 96 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_LE,  ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 84 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_LE,  nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 13:
-#line 97 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_GT,  ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 85 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_GT,  nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 14:
-#line 98 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_GE,  ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 86 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_GE,  nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 15:
-#line 99 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_IN,  ssl_expr_yyvsp[-4].exVal, ssl_expr_yyvsp[-1].exVal); ;
+#line 87 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_IN,  nss_expr_yyvsp[-4].exVal, nss_expr_yyvsp[-1].exVal); ;
     break;}
 case 16:
-#line 100 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_REG, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 88 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_REG, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 17:
-#line 101 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_NRE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 89 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_NRE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
     break;}
 case 18:
-#line 104 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, NULL); ;
+#line 92 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, NULL); ;
     break;}
 case 19:
-#line 105 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, ssl_expr_yyvsp[-2].exVal);   ;
+#line 93 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, nss_expr_yyvsp[-2].exVal);   ;
     break;}
 case 20:
-#line 108 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Digit,  ssl_expr_yyvsp[0].cpVal, NULL); ;
+#line 96 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Digit,  nss_expr_yyvsp[0].cpVal, NULL); ;
     break;}
 case 21:
-#line 109 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_String, ssl_expr_yyvsp[0].cpVal, NULL); ;
+#line 97 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_String, nss_expr_yyvsp[0].cpVal, NULL); ;
     break;}
 case 22:
-#line 110 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Var,    ssl_expr_yyvsp[-1].cpVal, NULL); ;
+#line 98 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Var,    nss_expr_yyvsp[-1].cpVal, NULL); ;
     break;}
 case 23:
-#line 111 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[0].exVal; ;
+#line 99 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_yyvsp[0].exVal; ;
     break;}
 case 24:
-#line 114 "ssl_expr_parse.y"
+#line 102 "nss_expr_parse.y"
 { 
                 regex_t *regex;
-                if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal, 
+                if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal, 
                                          REG_EXTENDED|REG_NOSUB)) == NULL) {
-                    ssl_expr_error = "Failed to compile regular expression";
+                    nss_expr_error = "Failed to compile regular expression";
                     YYERROR;
                 }
-                ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL);
+                nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL);
             ;
     break;}
 case 25:
-#line 123 "ssl_expr_parse.y"
+#line 111 "nss_expr_parse.y"
 {
                 regex_t *regex;
-                if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal, 
+                if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal, 
                                          REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
-                    ssl_expr_error = "Failed to compile regular expression";
+                    nss_expr_error = "Failed to compile regular expression";
                     YYERROR;
                 }
-                ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL);
+                nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL);
             ;
     break;}
 case 26:
-#line 134 "ssl_expr_parse.y"
+#line 122 "nss_expr_parse.y"
 { 
-               ssl_expr *args = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[-1].cpVal, NULL);
-               ssl_expr_yyval.exVal = ssl_expr_make(op_Func, "file", args);
+               nss_expr *args = nss_expr_make(op_ListElement, nss_expr_yyvsp[-1].cpVal, NULL);
+               nss_expr_yyval.exVal = nss_expr_make(op_Func, "file", args);
             ;
     break;}
 }
    /* the action file gets copied in in place of this dollarsign */
 #line 543 "/usr/lib/bison.simple"
 

-  ssl_expr_yyvsp -= ssl_expr_yylen;
-  ssl_expr_yyssp -= ssl_expr_yylen;
+  nss_expr_yyvsp -= nss_expr_yylen;
+  nss_expr_yyssp -= nss_expr_yylen;
 #ifdef YYLSP_NEEDED
-  ssl_expr_yylsp -= ssl_expr_yylen;
+  nss_expr_yylsp -= nss_expr_yylen;
 #endif
 
 #if YYDEBUG != 0
-  if (ssl_expr_yydebug)
+  if (nss_expr_yydebug)
     {
-      short *ssp1 = ssl_expr_yyss - 1;
+      short *ssp1 = nss_expr_yyss - 1;
       fprintf (stderr, "state stack now");
-      while (ssp1 != ssl_expr_yyssp)
+      while (ssp1 != nss_expr_yyssp)
 	fprintf (stderr, " %d", *++ssp1);
       fprintf (stderr, "\n");
     }
 #endif
 
-  *++ssl_expr_yyvsp = ssl_expr_yyval;
+  *++nss_expr_yyvsp = nss_expr_yyval;
 
 #ifdef YYLSP_NEEDED
-  ssl_expr_yylsp++;
-  if (ssl_expr_yylen == 0)
+  nss_expr_yylsp++;
+  if (nss_expr_yylen == 0)
     {
-      ssl_expr_yylsp->first_line = ssl_expr_yylloc.first_line;
-      ssl_expr_yylsp->first_column = ssl_expr_yylloc.first_column;
-      ssl_expr_yylsp->last_line = (ssl_expr_yylsp-1)->last_line;
-      ssl_expr_yylsp->last_column = (ssl_expr_yylsp-1)->last_column;
-      ssl_expr_yylsp->text = 0;
+      nss_expr_yylsp->first_line = nss_expr_yylloc.first_line;
+      nss_expr_yylsp->first_column = nss_expr_yylloc.first_column;
+      nss_expr_yylsp->last_line = (nss_expr_yylsp-1)->last_line;
+      nss_expr_yylsp->last_column = (nss_expr_yylsp-1)->last_column;
+      nss_expr_yylsp->text = 0;
     }
   else
     {
-      ssl_expr_yylsp->last_line = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_line;
-      ssl_expr_yylsp->last_column = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_column;
+      nss_expr_yylsp->last_line = (nss_expr_yylsp+nss_expr_yylen-1)->last_line;
+      nss_expr_yylsp->last_column = (nss_expr_yylsp+nss_expr_yylen-1)->last_column;
     }
 #endif
 
@@ -891,38 +891,38 @@ case 26:
      based on the state we popped back to
      and the rule number reduced by.  */
 
-  ssl_expr_yyn = ssl_expr_yyr1[ssl_expr_yyn];
+  nss_expr_yyn = nss_expr_yyr1[nss_expr_yyn];
 
-  ssl_expr_yystate = ssl_expr_yypgoto[ssl_expr_yyn - YYNTBASE] + *ssl_expr_yyssp;
-  if (ssl_expr_yystate >= 0 && ssl_expr_yystate <= YYLAST && ssl_expr_yycheck[ssl_expr_yystate] == *ssl_expr_yyssp)
-    ssl_expr_yystate = ssl_expr_yytable[ssl_expr_yystate];
+  nss_expr_yystate = nss_expr_yypgoto[nss_expr_yyn - YYNTBASE] + *nss_expr_yyssp;
+  if (nss_expr_yystate >= 0 && nss_expr_yystate <= YYLAST && nss_expr_yycheck[nss_expr_yystate] == *nss_expr_yyssp)
+    nss_expr_yystate = nss_expr_yytable[nss_expr_yystate];
   else
-    ssl_expr_yystate = ssl_expr_yydefgoto[ssl_expr_yyn - YYNTBASE];
+    nss_expr_yystate = nss_expr_yydefgoto[nss_expr_yyn - YYNTBASE];
 
-  goto ssl_expr_yynewstate;
+  goto nss_expr_yynewstate;
 
-ssl_expr_yyerrlab:   /* here on detecting error */
+nss_expr_yyerrlab:   /* here on detecting error */
 
-  if (! ssl_expr_yyerrstatus)
+  if (! nss_expr_yyerrstatus)
     /* If not already recovering from an error, report this error.  */
     {
-      ++ssl_expr_yynerrs;
+      ++nss_expr_yynerrs;
 
 #ifdef YYERROR_VERBOSE
-      ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
+      nss_expr_yyn = nss_expr_yypact[nss_expr_yystate];
 
-      if (ssl_expr_yyn > YYFLAG && ssl_expr_yyn < YYLAST)
+      if (nss_expr_yyn > YYFLAG && nss_expr_yyn < YYLAST)
 	{
 	  int size = 0;
 	  char *msg;
 	  int x, count;
 
 	  count = 0;
-	  /* Start X at -ssl_expr_yyn if nec to avoid negative indexes in ssl_expr_yycheck.  */
-	  for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0);
-	       x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++)
-	    if (ssl_expr_yycheck[x + ssl_expr_yyn] == x)
-	      size += strlen(ssl_expr_yytname[x]) + 15, count++;
+	  /* Start X at -nss_expr_yyn if nec to avoid negative indexes in nss_expr_yycheck.  */
+	  for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0);
+	       x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++)
+	    if (nss_expr_yycheck[x + nss_expr_yyn] == x)
+	      size += strlen(nss_expr_yytname[x]) + 15, count++;
 	  msg = (char *) malloc(size + 15);
 	  if (msg != 0)
 	    {
@@ -931,149 +931,149 @@ ssl_expr_yyerrlab:   /* here on detecting error */
 	      if (count < 5)
 		{
 		  count = 0;
-		  for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0);
-		       x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++)
-		    if (ssl_expr_yycheck[x + ssl_expr_yyn] == x)
+		  for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0);
+		       x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++)
+		    if (nss_expr_yycheck[x + nss_expr_yyn] == x)
 		      {
 			strcat(msg, count == 0 ? ", expecting `" : " or `");
-			strcat(msg, ssl_expr_yytname[x]);
+			strcat(msg, nss_expr_yytname[x]);
 			strcat(msg, "'");
 			count++;
 		      }
 		}
-	      ssl_expr_yyerror(msg);
+	      nss_expr_yyerror(msg);
 	      free(msg);
 	    }
 	  else
-	    ssl_expr_yyerror ("parse error; also virtual memory exceeded");
+	    nss_expr_yyerror ("parse error; also virtual memory exceeded");
 	}
       else
 #endif /* YYERROR_VERBOSE */
-	ssl_expr_yyerror("parse error");
+	nss_expr_yyerror("parse error");
     }
 
-  goto ssl_expr_yyerrlab1;
-ssl_expr_yyerrlab1:   /* here on error raised explicitly by an action */
+  goto nss_expr_yyerrlab1;
+nss_expr_yyerrlab1:   /* here on error raised explicitly by an action */
 
-  if (ssl_expr_yyerrstatus == 3)
+  if (nss_expr_yyerrstatus == 3)
     {
       /* if just tried and failed to reuse lookahead token after an error, discard it.  */
 
       /* return failure if at end of input */
-      if (ssl_expr_yychar == YYEOF)
+      if (nss_expr_yychar == YYEOF)
 	YYABORT;
 
 #if YYDEBUG != 0
-      if (ssl_expr_yydebug)
-	fprintf(stderr, "Discarding token %d (%s).\n", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
+      if (nss_expr_yydebug)
+	fprintf(stderr, "Discarding token %d (%s).\n", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]);
 #endif
 
-      ssl_expr_yychar = YYEMPTY;
+      nss_expr_yychar = YYEMPTY;
     }
 
   /* Else will try to reuse lookahead token
      after shifting the error token.  */
 
-  ssl_expr_yyerrstatus = 3;		/* Each real token shifted decrements this */
+  nss_expr_yyerrstatus = 3;		/* Each real token shifted decrements this */
 
-  goto ssl_expr_yyerrhandle;
+  goto nss_expr_yyerrhandle;
 
-ssl_expr_yyerrdefault:  /* current state does not do anything special for the error token. */
+nss_expr_yyerrdefault:  /* current state does not do anything special for the error token. */
 
 #if 0
   /* This is wrong; only states that explicitly want error tokens
      should shift them.  */
-  ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate];  /* If its default is to accept any token, ok.  Otherwise pop it.*/
-  if (ssl_expr_yyn) goto ssl_expr_yydefault;
+  nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate];  /* If its default is to accept any token, ok.  Otherwise pop it.*/
+  if (nss_expr_yyn) goto nss_expr_yydefault;
 #endif
 
-ssl_expr_yyerrpop:   /* pop the current state because it cannot handle the error token */
+nss_expr_yyerrpop:   /* pop the current state because it cannot handle the error token */
 
-  if (ssl_expr_yyssp == ssl_expr_yyss) YYABORT;
-  ssl_expr_yyvsp--;
-  ssl_expr_yystate = *--ssl_expr_yyssp;
+  if (nss_expr_yyssp == nss_expr_yyss) YYABORT;
+  nss_expr_yyvsp--;
+  nss_expr_yystate = *--nss_expr_yyssp;
 #ifdef YYLSP_NEEDED
-  ssl_expr_yylsp--;
+  nss_expr_yylsp--;
 #endif
 
 #if YYDEBUG != 0
-  if (ssl_expr_yydebug)
+  if (nss_expr_yydebug)
     {
-      short *ssp1 = ssl_expr_yyss - 1;
+      short *ssp1 = nss_expr_yyss - 1;
       fprintf (stderr, "Error: state stack now");
-      while (ssp1 != ssl_expr_yyssp)
+      while (ssp1 != nss_expr_yyssp)
 	fprintf (stderr, " %d", *++ssp1);
       fprintf (stderr, "\n");
     }
 #endif
 
-ssl_expr_yyerrhandle:
+nss_expr_yyerrhandle:
 
-  ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
-  if (ssl_expr_yyn == YYFLAG)
-    goto ssl_expr_yyerrdefault;
+  nss_expr_yyn = nss_expr_yypact[nss_expr_yystate];
+  if (nss_expr_yyn == YYFLAG)
+    goto nss_expr_yyerrdefault;
 
-  ssl_expr_yyn += YYTERROR;
-  if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != YYTERROR)
-    goto ssl_expr_yyerrdefault;
+  nss_expr_yyn += YYTERROR;
+  if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != YYTERROR)
+    goto nss_expr_yyerrdefault;
 
-  ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn];
-  if (ssl_expr_yyn < 0)
+  nss_expr_yyn = nss_expr_yytable[nss_expr_yyn];
+  if (nss_expr_yyn < 0)
     {
-      if (ssl_expr_yyn == YYFLAG)
-	goto ssl_expr_yyerrpop;
-      ssl_expr_yyn = -ssl_expr_yyn;
-      goto ssl_expr_yyreduce;
+      if (nss_expr_yyn == YYFLAG)
+	goto nss_expr_yyerrpop;
+      nss_expr_yyn = -nss_expr_yyn;
+      goto nss_expr_yyreduce;
     }
-  else if (ssl_expr_yyn == 0)
-    goto ssl_expr_yyerrpop;
+  else if (nss_expr_yyn == 0)
+    goto nss_expr_yyerrpop;
 
-  if (ssl_expr_yyn == YYFINAL)
+  if (nss_expr_yyn == YYFINAL)
     YYACCEPT;
 
 #if YYDEBUG != 0
-  if (ssl_expr_yydebug)
+  if (nss_expr_yydebug)
     fprintf(stderr, "Shifting error token, ");
 #endif
 
-  *++ssl_expr_yyvsp = ssl_expr_yylval;
+  *++nss_expr_yyvsp = nss_expr_yylval;
 #ifdef YYLSP_NEEDED
-  *++ssl_expr_yylsp = ssl_expr_yylloc;
+  *++nss_expr_yylsp = nss_expr_yylloc;
 #endif
 
-  ssl_expr_yystate = ssl_expr_yyn;
-  goto ssl_expr_yynewstate;
+  nss_expr_yystate = nss_expr_yyn;
+  goto nss_expr_yynewstate;
 
- ssl_expr_yyacceptlab:
+ nss_expr_yyacceptlab:
   /* YYACCEPT comes here.  */
-  if (ssl_expr_yyfree_stacks)
+  if (nss_expr_yyfree_stacks)
     {
-      free (ssl_expr_yyss);
-      free (ssl_expr_yyvs);
+      free (nss_expr_yyss);
+      free (nss_expr_yyvs);
 #ifdef YYLSP_NEEDED
-      free (ssl_expr_yyls);
+      free (nss_expr_yyls);
 #endif
     }
   return 0;
 
- ssl_expr_yyabortlab:
+ nss_expr_yyabortlab:
   /* YYABORT comes here.  */
-  if (ssl_expr_yyfree_stacks)
+  if (nss_expr_yyfree_stacks)
     {
-      free (ssl_expr_yyss);
-      free (ssl_expr_yyvs);
+      free (nss_expr_yyss);
+      free (nss_expr_yyvs);
 #ifdef YYLSP_NEEDED
-      free (ssl_expr_yyls);
+      free (nss_expr_yyls);
 #endif
     }
   return 1;
 }
-#line 140 "ssl_expr_parse.y"
+#line 128 "nss_expr_parse.y"
 
 
-int ssl_expr_yyerror(char *s)
+int nss_expr_yyerror(char *s)
 {
-    ssl_expr_error = s;
+    nss_expr_error = s;
     return 2;
 }
 
diff --git a/ssl_expr_parse.h b/nss_expr_parse.h
similarity index 89%
rename from ssl_expr_parse.h
rename to nss_expr_parse.h
index 5378e28..09adf01 100644
--- a/ssl_expr_parse.h
+++ b/nss_expr_parse.h
@@ -1,6 +1,6 @@
 typedef union {
     char     *cpVal;
-    ssl_expr *exVal;
+    nss_expr *exVal;
 } YYSTYPE;
 #define	T_TRUE	257
 #define	T_FALSE	258
@@ -24,4 +24,4 @@ typedef union {
 #define	T_OP_NOT	276
 
 
-extern YYSTYPE ssl_expr_yylval;
+extern YYSTYPE nss_expr_yylval;
diff --git a/ssl_expr_parse.y b/nss_expr_parse.y
similarity index 52%
rename from ssl_expr_parse.y
rename to nss_expr_parse.y
index 21fe64c..9ee1a1a 100644
--- a/ssl_expr_parse.y
+++ b/nss_expr_parse.y
@@ -13,18 +13,6 @@
  * limitations under the License.
  */
 
-/*                      _             _ 
- *  _ __ ___   ___   __| |    ___ ___| |  
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  
- * | | | | | | (_) | (_| |   \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- *                      |_____|         
- *  ssl_expr_parse.y
- *  Expression LR(1) Parser
- */
-                             /* ``What you see is all you get.''
-							              -- Brian Kernighan      */
-
 /*  _________________________________________________________________
 **
 **  Expression Parser
@@ -37,7 +25,7 @@
 
 %union {
     char     *cpVal;
-    ssl_expr *exVal;
+    nss_expr *exVal;
 }
 
 %token  T_TRUE
@@ -78,62 +66,62 @@
 
 %%
 
-root      : expr                         { ssl_expr_info.expr = $1; }
+root      : expr                         { nss_expr_info.expr = $1; }
           ;
 
-expr      : T_TRUE                       { $$ = ssl_expr_make(op_True,  NULL, NULL); }
-          | T_FALSE                      { $$ = ssl_expr_make(op_False, NULL, NULL); }
-          | T_OP_NOT expr                { $$ = ssl_expr_make(op_Not,   $2,   NULL); }
-          | expr T_OP_OR expr            { $$ = ssl_expr_make(op_Or,    $1,   $3);   }
-          | expr T_OP_AND expr           { $$ = ssl_expr_make(op_And,   $1,   $3);   }
-          | comparison                   { $$ = ssl_expr_make(op_Comp,  $1,   NULL); }
+expr      : T_TRUE                       { $$ = nss_expr_make(op_True,  NULL, NULL); }
+          | T_FALSE                      { $$ = nss_expr_make(op_False, NULL, NULL); }
+          | T_OP_NOT expr                { $$ = nss_expr_make(op_Not,   $2,   NULL); }
+          | expr T_OP_OR expr            { $$ = nss_expr_make(op_Or,    $1,   $3);   }
+          | expr T_OP_AND expr           { $$ = nss_expr_make(op_And,   $1,   $3);   }
+          | comparison                   { $$ = nss_expr_make(op_Comp,  $1,   NULL); }
           | '(' expr ')'                 { $$ = $2; }
           ;
 
-comparison: word T_OP_EQ word            { $$ = ssl_expr_make(op_EQ,  $1, $3); }
-          | word T_OP_NE word            { $$ = ssl_expr_make(op_NE,  $1, $3); }
-          | word T_OP_LT word            { $$ = ssl_expr_make(op_LT,  $1, $3); }
-          | word T_OP_LE word            { $$ = ssl_expr_make(op_LE,  $1, $3); }
-          | word T_OP_GT word            { $$ = ssl_expr_make(op_GT,  $1, $3); }
-          | word T_OP_GE word            { $$ = ssl_expr_make(op_GE,  $1, $3); }
-          | word T_OP_IN '{' words '}'   { $$ = ssl_expr_make(op_IN,  $1, $4); }
-          | word T_OP_REG regex          { $$ = ssl_expr_make(op_REG, $1, $3); }
-          | word T_OP_NRE regex          { $$ = ssl_expr_make(op_NRE, $1, $3); }
+comparison: word T_OP_EQ word            { $$ = nss_expr_make(op_EQ,  $1, $3); }
+          | word T_OP_NE word            { $$ = nss_expr_make(op_NE,  $1, $3); }
+          | word T_OP_LT word            { $$ = nss_expr_make(op_LT,  $1, $3); }
+          | word T_OP_LE word            { $$ = nss_expr_make(op_LE,  $1, $3); }
+          | word T_OP_GT word            { $$ = nss_expr_make(op_GT,  $1, $3); }
+          | word T_OP_GE word            { $$ = nss_expr_make(op_GE,  $1, $3); }
+          | word T_OP_IN '{' words '}'   { $$ = nss_expr_make(op_IN,  $1, $4); }
+          | word T_OP_REG regex          { $$ = nss_expr_make(op_REG, $1, $3); }
+          | word T_OP_NRE regex          { $$ = nss_expr_make(op_NRE, $1, $3); }
           ;
 
-words     : word                         { $$ = ssl_expr_make(op_ListElement, $1, NULL); }
-          | words ',' word               { $$ = ssl_expr_make(op_ListElement, $3, $1);   }
+words     : word                         { $$ = nss_expr_make(op_ListElement, $1, NULL); }
+          | words ',' word               { $$ = nss_expr_make(op_ListElement, $3, $1);   }
           ;
 
-word      : T_DIGIT                      { $$ = ssl_expr_make(op_Digit,  $1, NULL); }
-          | T_STRING                     { $$ = ssl_expr_make(op_String, $1, NULL); }
-          | '%' '{' T_ID '}'             { $$ = ssl_expr_make(op_Var,    $3, NULL); }
+word      : T_DIGIT                      { $$ = nss_expr_make(op_Digit,  $1, NULL); }
+          | T_STRING                     { $$ = nss_expr_make(op_String, $1, NULL); }
+          | '%' '{' T_ID '}'             { $$ = nss_expr_make(op_Var,    $3, NULL); }
           | funccall                     { $$ = $1; }
           ;
 
 regex     : T_REGEX { 
                 regex_t *regex;
-                if ((regex = ap_pregcomp(ssl_expr_info.pool, $1, 
+                if ((regex = ap_pregcomp(nss_expr_info.pool, $1, 
                                          REG_EXTENDED|REG_NOSUB)) == NULL) {
-                    ssl_expr_error = "Failed to compile regular expression";
+                    nss_expr_error = "Failed to compile regular expression";
                     YYERROR;
                 }
-                $$ = ssl_expr_make(op_Regex, regex, NULL);
+                $$ = nss_expr_make(op_Regex, regex, NULL);
             }
           | T_REGEX_I {
                 regex_t *regex;
-                if ((regex = ap_pregcomp(ssl_expr_info.pool, $1, 
+                if ((regex = ap_pregcomp(nss_expr_info.pool, $1, 
                                          REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
-                    ssl_expr_error = "Failed to compile regular expression";
+                    nss_expr_error = "Failed to compile regular expression";
                     YYERROR;
                 }
-                $$ = ssl_expr_make(op_Regex, regex, NULL);
+                $$ = nss_expr_make(op_Regex, regex, NULL);
             }
           ;
 
 funccall  : T_FUNC_FILE '(' T_STRING ')' { 
-               ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL);
-               $$ = ssl_expr_make(op_Func, "file", args);
+               nss_expr *args = nss_expr_make(op_ListElement, $3, NULL);
+               $$ = nss_expr_make(op_Func, "file", args);
             }
           ;
 
@@ -141,7 +129,7 @@ funccall  : T_FUNC_FILE '(' T_STRING ')' {
 
 int yyerror(char *s)
 {
-    ssl_expr_error = s;
+    nss_expr_error = s;
     return 2;
 }
 
diff --git a/ssl_expr_scan.c b/nss_expr_scan.c
similarity index 93%
rename from ssl_expr_scan.c
rename to nss_expr_scan.c
index a351735..490ff54 100644
--- a/ssl_expr_scan.c
+++ b/nss_expr_scan.c
@@ -1,19 +1,19 @@
-#define yy_create_buffer ssl_expr_yy_create_buffer
-#define yy_delete_buffer ssl_expr_yy_delete_buffer
-#define yy_scan_buffer ssl_expr_yy_scan_buffer
-#define yy_scan_string ssl_expr_yy_scan_string
-#define yy_scan_bytes ssl_expr_yy_scan_bytes
-#define yy_flex_debug ssl_expr_yy_flex_debug
-#define yy_init_buffer ssl_expr_yy_init_buffer
-#define yy_flush_buffer ssl_expr_yy_flush_buffer
-#define yy_load_buffer_state ssl_expr_yy_load_buffer_state
-#define yy_switch_to_buffer ssl_expr_yy_switch_to_buffer
-#define yyin ssl_expr_yyin
-#define yyleng ssl_expr_yyleng
-#define yylex ssl_expr_yylex
-#define yyout ssl_expr_yyout
-#define yyrestart ssl_expr_yyrestart
-#define yytext ssl_expr_yytext
+#define yy_create_buffer nss_expr_yy_create_buffer
+#define yy_delete_buffer nss_expr_yy_delete_buffer
+#define yy_scan_buffer nss_expr_yy_scan_buffer
+#define yy_scan_string nss_expr_yy_scan_string
+#define yy_scan_bytes nss_expr_yy_scan_bytes
+#define yy_flex_debug nss_expr_yy_flex_debug
+#define yy_init_buffer nss_expr_yy_init_buffer
+#define yy_flush_buffer nss_expr_yy_flush_buffer
+#define yy_load_buffer_state nss_expr_yy_load_buffer_state
+#define yy_switch_to_buffer nss_expr_yy_switch_to_buffer
+#define yyin nss_expr_yyin
+#define yyleng nss_expr_yyleng
+#define yylex nss_expr_yylex
+#define yyout nss_expr_yyout
+#define yyrestart nss_expr_yyrestart
+#define yytext nss_expr_yytext
 
 /* A lexical scanner generated by flex */
 
@@ -443,7 +443,7 @@ static char *yy_last_accepting_cpos;
 #define YY_MORE_ADJ 0
 #define YY_RESTORE_YY_MORE_OFFSET
 char *yytext;
-#line 1 "ssl_expr_scan.l"
+#line 1 "nss_expr_scan.l"
 #define INITIAL 0
 /* Copyright 2001-2004 The Apache Software Foundation
  *
@@ -459,27 +459,15 @@ char *yytext;
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*                      _             _ 
- *  _ __ ___   ___   __| |    ___ ___| |  
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  
- * | | | | | | (_) | (_| |   \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- *                      |_____|         
- *  ssl_expr_scan.l
- *  Expression Scanner
- */
-/* ``Killing for peace is 
-like fucking for virginity.''
--- Unknown  */
 /*  _________________________________________________________________
 **
 **  Expression Scanner
 **  _________________________________________________________________
 */
-#line 36 "ssl_expr_scan.l"
+#line 23 "nss_expr_scan.l"
 #include "mod_nss.h"
 
-#include "ssl_expr_parse.h"
+#include "nss_expr_parse.h"
 
 #define YY_NO_UNPUT 1
 int yyinput(char *buf, int max_size);
@@ -496,7 +484,7 @@ int yyinput(char *buf, int max_size);
 #define regex 2
 #define regex_flags 3
 
-#line 501 "lex.ssl_expr_yy.c"
+#line 489 "lex.nss_expr_yy.c"
 
 /* Macros after this point can all be overridden by user definitions in
  * section 1.
@@ -647,7 +635,7 @@ YY_DECL
 	register char *yy_cp = NULL, *yy_bp = NULL;
 	register int yy_act;
 
-#line 57 "ssl_expr_scan.l"
+#line 44 "nss_expr_scan.l"
 
   
   char  caStr[MAX_STR_LEN];
@@ -659,7 +647,7 @@ YY_DECL
  /*
   * Whitespaces
   */
-#line 664 "lex.ssl_expr_yy.c"
+#line 652 "lex.nss_expr_yy.c"
 
 	if ( yy_init )
 		{
@@ -740,7 +728,7 @@ do_action:	/* This label is used only to access EOF actions. */
 
 case 1:
 YY_RULE_SETUP
-#line 68 "ssl_expr_scan.l"
+#line 55 "nss_expr_scan.l"
 { 
     /* NOP */
 }
@@ -750,7 +738,7 @@ YY_RULE_SETUP
   */
 case 2:
 YY_RULE_SETUP
-#line 75 "ssl_expr_scan.l"
+#line 62 "nss_expr_scan.l"
 {
     cpStr = caStr;
     BEGIN(str);
@@ -758,24 +746,24 @@ YY_RULE_SETUP
 	YY_BREAK
 case 3:
 YY_RULE_SETUP
-#line 79 "ssl_expr_scan.l"
+#line 66 "nss_expr_scan.l"
 {
     BEGIN(INITIAL);
     *cpStr = NUL;
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr);
     return T_STRING;
 }
 	YY_BREAK
 case 4:
 YY_RULE_SETUP
-#line 85 "ssl_expr_scan.l"
+#line 72 "nss_expr_scan.l"
 {
     yyerror("Unterminated string");
 }
 	YY_BREAK
 case 5:
 YY_RULE_SETUP
-#line 88 "ssl_expr_scan.l"
+#line 75 "nss_expr_scan.l"
 {
     int result;
 
@@ -788,46 +776,46 @@ YY_RULE_SETUP
 	YY_BREAK
 case 6:
 YY_RULE_SETUP
-#line 97 "ssl_expr_scan.l"
+#line 84 "nss_expr_scan.l"
 {
     yyerror("Bad escape sequence");
 }
 	YY_BREAK
 case 7:
 YY_RULE_SETUP
-#line 100 "ssl_expr_scan.l"
+#line 87 "nss_expr_scan.l"
 { *cpStr++ = '\n'; }
 	YY_BREAK
 case 8:
 YY_RULE_SETUP
-#line 101 "ssl_expr_scan.l"
+#line 88 "nss_expr_scan.l"
 { *cpStr++ = '\r'; }
 	YY_BREAK
 case 9:
 YY_RULE_SETUP
-#line 102 "ssl_expr_scan.l"
+#line 89 "nss_expr_scan.l"
 { *cpStr++ = '\t'; }
 	YY_BREAK
 case 10:
 YY_RULE_SETUP
-#line 103 "ssl_expr_scan.l"
+#line 90 "nss_expr_scan.l"
 { *cpStr++ = '\b'; }
 	YY_BREAK
 case 11:
 YY_RULE_SETUP
-#line 104 "ssl_expr_scan.l"
+#line 91 "nss_expr_scan.l"
 { *cpStr++ = '\f'; }
 	YY_BREAK
 case 12:
 YY_RULE_SETUP
-#line 105 "ssl_expr_scan.l"
+#line 92 "nss_expr_scan.l"
 {
     *cpStr++ = yytext[1];
 }
 	YY_BREAK
 case 13:
 YY_RULE_SETUP
-#line 108 "ssl_expr_scan.l"
+#line 95 "nss_expr_scan.l"
 {
     char *cp = yytext;
     while (*cp != NUL)
@@ -836,7 +824,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 14:
 YY_RULE_SETUP
-#line 113 "ssl_expr_scan.l"
+#line 100 "nss_expr_scan.l"
 {
     *cpStr++ = yytext[1];
 }
@@ -846,7 +834,7 @@ YY_RULE_SETUP
   */
 case 15:
 YY_RULE_SETUP
-#line 120 "ssl_expr_scan.l"
+#line 107 "nss_expr_scan.l"
 {
     cRegexDel = yytext[1];
     cpRegex = caRegex;
@@ -855,7 +843,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 16:
 YY_RULE_SETUP
-#line 125 "ssl_expr_scan.l"
+#line 112 "nss_expr_scan.l"
 {
     if (yytext[0] == cRegexDel) {
         *cpRegex = NUL;
@@ -868,27 +856,27 @@ YY_RULE_SETUP
 	YY_BREAK
 case 17:
 YY_RULE_SETUP
-#line 134 "ssl_expr_scan.l"
+#line 121 "nss_expr_scan.l"
 {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
     BEGIN(INITIAL);
     return T_REGEX_I;
 }
 	YY_BREAK
 case 18:
 YY_RULE_SETUP
-#line 139 "ssl_expr_scan.l"
+#line 126 "nss_expr_scan.l"
 {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
     yyless(0);
     BEGIN(INITIAL);
     return T_REGEX;
 }
 	YY_BREAK
 case YY_STATE_EOF(regex_flags):
-#line 145 "ssl_expr_scan.l"
+#line 132 "nss_expr_scan.l"
 {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
     BEGIN(INITIAL);
     return T_REGEX;
 }
@@ -898,107 +886,107 @@ case YY_STATE_EOF(regex_flags):
   */
 case 19:
 YY_RULE_SETUP
-#line 154 "ssl_expr_scan.l"
+#line 141 "nss_expr_scan.l"
 { return T_OP_EQ; }
 	YY_BREAK
 case 20:
 YY_RULE_SETUP
-#line 155 "ssl_expr_scan.l"
+#line 142 "nss_expr_scan.l"
 { return T_OP_EQ; }
 	YY_BREAK
 case 21:
 YY_RULE_SETUP
-#line 156 "ssl_expr_scan.l"
+#line 143 "nss_expr_scan.l"
 { return T_OP_NE; }
 	YY_BREAK
 case 22:
 YY_RULE_SETUP
-#line 157 "ssl_expr_scan.l"
+#line 144 "nss_expr_scan.l"
 { return T_OP_NE; }
 	YY_BREAK
 case 23:
 YY_RULE_SETUP
-#line 158 "ssl_expr_scan.l"
+#line 145 "nss_expr_scan.l"
 { return T_OP_LT; }
 	YY_BREAK
 case 24:
 YY_RULE_SETUP
-#line 159 "ssl_expr_scan.l"
+#line 146 "nss_expr_scan.l"
 { return T_OP_LT; }
 	YY_BREAK
 case 25:
 YY_RULE_SETUP
-#line 160 "ssl_expr_scan.l"
+#line 147 "nss_expr_scan.l"
 { return T_OP_LE; }
 	YY_BREAK
 case 26:
 YY_RULE_SETUP
-#line 161 "ssl_expr_scan.l"
+#line 148 "nss_expr_scan.l"
 { return T_OP_LE; }
 	YY_BREAK
 case 27:
 YY_RULE_SETUP
-#line 162 "ssl_expr_scan.l"
+#line 149 "nss_expr_scan.l"
 { return T_OP_GT; }
 	YY_BREAK
 case 28:
 YY_RULE_SETUP
-#line 163 "ssl_expr_scan.l"
+#line 150 "nss_expr_scan.l"
 { return T_OP_GT; }
 	YY_BREAK
 case 29:
 YY_RULE_SETUP
-#line 164 "ssl_expr_scan.l"
+#line 151 "nss_expr_scan.l"
 { return T_OP_GE; }
 	YY_BREAK
 case 30:
 YY_RULE_SETUP
-#line 165 "ssl_expr_scan.l"
+#line 152 "nss_expr_scan.l"
 { return T_OP_GE; }
 	YY_BREAK
 case 31:
 YY_RULE_SETUP
-#line 166 "ssl_expr_scan.l"
+#line 153 "nss_expr_scan.l"
 { return T_OP_REG; }
 	YY_BREAK
 case 32:
 YY_RULE_SETUP
-#line 167 "ssl_expr_scan.l"
+#line 154 "nss_expr_scan.l"
 { return T_OP_NRE; }
 	YY_BREAK
 case 33:
 YY_RULE_SETUP
-#line 168 "ssl_expr_scan.l"
+#line 155 "nss_expr_scan.l"
 { return T_OP_AND; }
 	YY_BREAK
 case 34:
 YY_RULE_SETUP
-#line 169 "ssl_expr_scan.l"
+#line 156 "nss_expr_scan.l"
 { return T_OP_AND; }
 	YY_BREAK
 case 35:
 YY_RULE_SETUP
-#line 170 "ssl_expr_scan.l"
+#line 157 "nss_expr_scan.l"
 { return T_OP_OR; }
 	YY_BREAK
 case 36:
 YY_RULE_SETUP
-#line 171 "ssl_expr_scan.l"
+#line 158 "nss_expr_scan.l"
 { return T_OP_OR; }
 	YY_BREAK
 case 37:
 YY_RULE_SETUP
-#line 172 "ssl_expr_scan.l"
+#line 159 "nss_expr_scan.l"
 { return T_OP_NOT; }
 	YY_BREAK
 case 38:
 YY_RULE_SETUP
-#line 173 "ssl_expr_scan.l"
+#line 160 "nss_expr_scan.l"
 { return T_OP_NOT; }
 	YY_BREAK
 case 39:
 YY_RULE_SETUP
-#line 174 "ssl_expr_scan.l"
+#line 161 "nss_expr_scan.l"
 { return T_OP_IN; }
 	YY_BREAK
 /*
@@ -1006,7 +994,7 @@ YY_RULE_SETUP
   */
 case 40:
 YY_RULE_SETUP
-#line 179 "ssl_expr_scan.l"
+#line 166 "nss_expr_scan.l"
 { return T_FUNC_FILE; }
 	YY_BREAK
 /*
@@ -1014,12 +1002,12 @@ YY_RULE_SETUP
   */
 case 41:
 YY_RULE_SETUP
-#line 184 "ssl_expr_scan.l"
+#line 171 "nss_expr_scan.l"
 { return T_TRUE; }
 	YY_BREAK
 case 42:
 YY_RULE_SETUP
-#line 185 "ssl_expr_scan.l"
+#line 172 "nss_expr_scan.l"
 { return T_FALSE; }
 	YY_BREAK
 /*
@@ -1027,9 +1015,9 @@ YY_RULE_SETUP
   */
 case 43:
 YY_RULE_SETUP
-#line 190 "ssl_expr_scan.l"
+#line 177 "nss_expr_scan.l"
 {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
     return T_DIGIT;
 }
 	YY_BREAK
@@ -1038,9 +1026,9 @@ YY_RULE_SETUP
   */
 case 44:
 YY_RULE_SETUP
-#line 198 "ssl_expr_scan.l"
+#line 185 "nss_expr_scan.l"
 {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
     return T_ID;
 }
 	YY_BREAK
@@ -1049,17 +1037,17 @@ YY_RULE_SETUP
   */
 case 45:
 YY_RULE_SETUP
-#line 206 "ssl_expr_scan.l"
+#line 193 "nss_expr_scan.l"
 { 
     return yytext[0];
 }
 	YY_BREAK
 case 46:
 YY_RULE_SETUP
-#line 210 "ssl_expr_scan.l"
+#line 197 "nss_expr_scan.l"
 YY_FATAL_ERROR( "flex scanner jammed" );
 	YY_BREAK
-#line 1064 "lex.ssl_expr_yy.c"
+#line 1052 "lex.nss_expr_yy.c"
 case YY_STATE_EOF(INITIAL):
 case YY_STATE_EOF(str):
 case YY_STATE_EOF(regex):
@@ -1943,19 +1931,19 @@ int main()
 	return 0;
 	}
 #endif
-#line 210 "ssl_expr_scan.l"
+#line 197 "nss_expr_scan.l"
 
 
 int yyinput(char *buf, int max_size)
 {
     int n;
 
-    if ((n = MIN(max_size, ssl_expr_info.inputbuf
-                         + ssl_expr_info.inputlen 
-                         - ssl_expr_info.inputptr)) <= 0)
+    if ((n = MIN(max_size, nss_expr_info.inputbuf
+                         + nss_expr_info.inputlen 
+                         - nss_expr_info.inputptr)) <= 0)
         return YY_NULL;
-    memcpy(buf, ssl_expr_info.inputptr, n);
-    ssl_expr_info.inputptr += n;
+    memcpy(buf, nss_expr_info.inputptr, n);
+    nss_expr_info.inputptr += n;
     return n;
 }
 
diff --git a/ssl_expr_scan.l b/nss_expr_scan.l
similarity index 75%
rename from ssl_expr_scan.l
rename to nss_expr_scan.l
index c22bd3e..e237de2 100644
--- a/ssl_expr_scan.l
+++ b/nss_expr_scan.l
@@ -13,19 +13,6 @@
  * limitations under the License.
  */
 
-/*                      _             _ 
- *  _ __ ___   ___   __| |    ___ ___| |  
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  
- * | | | | | | (_) | (_| |   \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- *                      |_____|         
- *  ssl_expr_scan.l
- *  Expression Scanner
- */
-                             /* ``Killing for peace is 
-                                  like fucking for virginity.''
-                                             -- Unknown  */
-
 /*  _________________________________________________________________
 **
 **  Expression Scanner
@@ -35,7 +22,7 @@
 %{
 #include "mod_nss.h"
 
-#include "ssl_expr_parse.h"
+#include "nss_expr_parse.h"
 
 #define YY_NO_UNPUT 1
 int yyinput(char *buf, int max_size);
@@ -79,7 +66,7 @@ int yyinput(char *buf, int max_size);
 <str>\" {
     BEGIN(INITIAL);
     *cpStr = NUL;
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr);
     return T_STRING;
 }
 <str>\n {
@@ -132,18 +119,18 @@ int yyinput(char *buf, int max_size);
     }
 }
 <regex_flags>i {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
     BEGIN(INITIAL);
     return T_REGEX_I;
 }
 <regex_flags>.|\n {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
     yyless(0);
     BEGIN(INITIAL);
     return T_REGEX;
 }
 <regex_flags><<EOF>> {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
     BEGIN(INITIAL);
     return T_REGEX;
 }
@@ -188,7 +175,7 @@ int yyinput(char *buf, int max_size);
   * Digits
   */
 [0-9]+ {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
     return T_DIGIT;
 }
 
@@ -196,7 +183,7 @@ int yyinput(char *buf, int max_size);
   * Identifiers
   */
 [a-zA-Z][a-zA-Z0-9_:-]* {
-    yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+    yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
     return T_ID;
 }
 
@@ -213,12 +200,12 @@ int yyinput(char *buf, int max_size)
 {
     int n;
 
-    if ((n = MIN(max_size, ssl_expr_info.inputbuf
-                         + ssl_expr_info.inputlen 
-                         - ssl_expr_info.inputptr)) <= 0)
+    if ((n = MIN(max_size, nss_expr_info.inputbuf
+                         + nss_expr_info.inputlen 
+                         - nss_expr_info.inputptr)) <= 0)
         return YY_NULL;
-    memcpy(buf, ssl_expr_info.inputptr, n);
-    ssl_expr_info.inputptr += n;
+    memcpy(buf, nss_expr_info.inputptr, n);
+    nss_expr_info.inputptr += n;
     return n;
 }
 
diff --git a/nss_util.c b/nss_util.c
index 502964c..2a5b91c 100644
--- a/nss_util.c
+++ b/nss_util.c
@@ -24,7 +24,7 @@
 **  _________________________________________________________________
 */
 
-char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
+char *nss_util_vhostid(apr_pool_t *p, server_rec *s)
 {
     char *id;
     SSLSrvConfigRec *sc;
@@ -45,24 +45,24 @@ char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
     return id;
 }
 
-void ssl_util_strupper(char *s)
+void nss_util_strupper(char *s)
 {
     for (; *s; ++s)
         *s = apr_toupper(*s);
     return;
 }
 
-static const char ssl_util_uuencode_six2pr[64+1] =
+static const char nss_util_uuencode_six2pr[64+1] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
-void ssl_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
+void nss_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
 {
-    ssl_util_uuencode_binary((unsigned char *)szTo,
+    nss_util_uuencode_binary((unsigned char *)szTo,
                              (const unsigned char *)szFrom,
                              strlen(szFrom), bPad);
 }
 
-void ssl_util_uuencode_binary(unsigned char *szTo,
+void nss_util_uuencode_binary(unsigned char *szTo,
                               const unsigned char *szFrom,
                               int nLength, BOOL bPad)
 {
@@ -70,18 +70,18 @@ void ssl_util_uuencode_binary(unsigned char *szTo,
     int nPad = 0;
 
     for (s = szFrom; nLength > 0; s += 3) {
-        *szTo++ = ssl_util_uuencode_six2pr[s[0] >> 2];
-        *szTo++ = ssl_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
+        *szTo++ = nss_util_uuencode_six2pr[s[0] >> 2];
+        *szTo++ = nss_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
         if (--nLength == 0) {
             nPad = 2;
             break;
         }
-        *szTo++ = ssl_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
+        *szTo++ = nss_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
         if (--nLength == 0) {
             nPad = 1;
             break;
         }
-        *szTo++ = ssl_util_uuencode_six2pr[s[2] & 0x3f];
+        *szTo++ = nss_util_uuencode_six2pr[s[2] & 0x3f];
         --nLength;
     }
     while(bPad && nPad--) {
@@ -91,7 +91,7 @@ void ssl_util_uuencode_binary(unsigned char *szTo,
     return;
 }
 
-apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
+apr_file_t *nss_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
                             const char * const *argv)
 {
     apr_procattr_t *procattr;
@@ -114,7 +114,7 @@ apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
     return proc->out;
 }
 
-void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
+void nss_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
 {
     apr_file_close(fp);
     return;
@@ -123,7 +123,7 @@ void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
 /*
  * Run a filter program and read the first line of its stdout output
  */
-char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
+char *nss_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
                           const char * const *argv)
 {
     static char buf[MAX_STRING_LEN];
@@ -132,7 +132,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
     char c;
     int k;
 
-    if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
+    if ((fp = nss_util_ppopen(s, p, cmd, argv)) == NULL)
         return NULL;
     /* XXX: we are reading 1 byte at a time here */
     for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
@@ -142,7 +142,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
         buf[k++] = c;
     }
     buf[k] = NUL;
-    ssl_util_ppclose(s, p, fp);
+    nss_util_ppclose(s, p, fp);
 
     return buf;
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git



More information about the Pkg-fedora-ds-maintainers mailing list