diff options
author | Ben Laurie <ben@openssl.org> | 1999-01-07 00:16:37 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 1999-01-07 00:16:37 +0000 |
commit | c13d4799dd9b6ed6a33e1a367119fd9b11233344 (patch) | |
tree | e2b1cf6b588e6f5090248a591457ca78b230c70b | |
parent | bc4deee07a53228db7a8962519f05e904eb4b670 (diff) | |
download | openssl-c13d4799dd9b6ed6a33e1a367119fd9b11233344.tar.gz |
Send the right CAs to the client.
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | apps/s_server.c | 4 |
2 files changed, 5 insertions, 2 deletions
@@ -5,6 +5,9 @@ Changes between 0.9.1c and 0.9.2 + *) s_server should send the CAfile as acceptable CAs, not its own cert. + [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] + *) Don't blow it for numeric -newkey arguments to apps/req. [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] diff --git a/apps/s_server.c b/apps/s_server.c index 256636bc43..c0546f6f9b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -505,7 +505,7 @@ bad: SSL_CTX_set_cipher_list(ctx,cipher); SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); - SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); BIO_printf(bio_s_out,"ACCEPT\n"); if (www) @@ -645,7 +645,7 @@ int s; /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ } if ((buf[0] == 'R') && - ((buf[1] == '\0') || (buf[1] == '\r'))) + ((buf[1] == '\n') || (buf[1] == '\r'))) { SSL_set_verify(con, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); |