Description of problem:
Most dynamic module options in httpd.conf are surrounded by <IfModule> which 
only get processed if that module was activated previously in the config.  Some 
mod_ssl options are surrounded by <IfModule mod_ssl.c> but other mod_ssl 
virtual host and listen options are surrounded by <IfDefine HAVE_SSL>, which is 
inconsistent with the rest of the dynamic config.  <IfModule> evaluates based 
on the preceeding configuration, <IfDefine> evaluates based on how the binary 
was loaded by the sysadmin or init scripts.  This basically splits parts of the 
configuration out of the configuration file.

As such, to properly disable mod_ssl requires commenting out large portions of 
httpd.conf because <IfDefine> regards how the binary was loaded, not how it was 
configured previously in httpd.conf.  It really doesn't matter either way too 
much except that it's inconsistent, and it doesn't make sense to do it this way 
when there's a better more uniform way.

Version-Release number of selected component (if applicable):
apache-1.3.27-2, mod_ssl-2.8.12-2

How reproducible:
Every time

Steps to Reproduce:
1. Install apache, mod_ssl
2. less /etc/httpd/conf/httpd.conf
3.
    
Actual results:
It seems that the packager intended the sysadmin to chmod a-x the modules in 
the filesystem in order to configure their server.  This adds to the complexity 
of installation and upgrading.  There is no guarantee that the file modes will 
stay the same during an upgrade (in fact they likely would not), which would 
cause a dramatic change in the configuration of the server, and potential 
failure to load.  Configuration should be in the config files, not in the 
filesystem.

Expected results:
All mod_ssl options being surrounded by <IfModule mod_ssl.c> instead of 
<IfDefine HAVE_SSL>.  Sysadmin should be able to select which modules they want 
loaded in httpd.conf and have the rest of the config adapt.

Additional info: