Send the right CAs to the client.

This commit is contained in:
Ben Laurie 1999-01-07 00:16:37 +00:00
parent bc4deee07a
commit c13d4799dd
2 changed files with 5 additions and 2 deletions

View file

@ -5,6 +5,9 @@
Changes between 0.9.1c and 0.9.2
*) s_server should send the CAfile as acceptable CAs, not its own cert.
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
*) Don't blow it for numeric -newkey arguments to apps/req.
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]

View file

@ -505,7 +505,7 @@ bad:
SSL_CTX_set_cipher_list(ctx,cipher);
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
@ -645,7 +645,7 @@ int s;
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
}
if ((buf[0] == 'R') &&
((buf[1] == '\0') || (buf[1] == '\r')))
((buf[1] == '\n') || (buf[1] == '\r')))
{
SSL_set_verify(con,
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);