From c13d4799dd9b6ed6a33e1a367119fd9b11233344 Mon Sep 17 00:00:00 2001
From: Ben Laurie
Date: Thu, 7 Jan 1999 00:16:37 +0000
Subject: [PATCH] Send the right CAs to the client.
---
 CHANGES | 3 +++
 apps/s_server.c | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index c7c24ed9e5..2a8877ac3e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@ Changes between 0.9.1c and 0.9.2
+ *) s_server should send the CAfile as acceptable CAs, not its own cert.
+ [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
 *) Don't blow it for numeric -newkey arguments to apps/req.
 [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
diff --git a/apps/s_server.c b/apps/s_server.c
index 256636bc43..c0546f6f9b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -505,7 +505,7 @@ bad:
 SSL_CTX_set_cipher_list(ctx,cipher);
 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 BIO_printf(bio_s_out,"ACCEPT\n");
 if (www)
@@ -645,7 +645,7 @@ int s;
 /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 }
 if ((buf[0] == 'R') &&
- ((buf[1] == '\0') || (buf[1] == '\r')))
+ ((buf[1] == '\n') || (buf[1] == '\r')))
 {
 SSL_set_verify(con, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
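Review bot: The new `SSL_load_client_CA_file(CAfile)` call in the `bad:` hunk is made unconditionally and its result goes straight into `SSL_CTX_set_client_CA_list`, so a missing or unreadable CA file is never reported. If `CAfile` can be NULL when no CA file option is given (its declaration is outside the hunk, so this is inferred), the loader is handed a NULL filename. When loading fails the loader returns NULL, which leaves the server advertising no acceptable CAs to the client without any diagnostic. I would guard the call with `if (CAfile != NULL)` and print an error to `bio_err` when the returned list is NULL. The enclosing function starts and ends outside the hunk.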
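Review bot: The `(buf[1] == '\n') || (buf[1] == '\r')` test in the second `apps/s_server.c` hunk reads `buf[1]` without the visible condition checking how many bytes the preceding read returned. If a lone `R` arrives, `buf[1]` holds whatever an earlier read left there, so the renegotiation that requests a client certificate could fire or be skipped on stale data. Adding the length to the condition, e.g. `if ((i >= 2) && (buf[0] == 'R') &&`, would make it depend only on fresh input. The read call and its count variable are outside the hunk, so `i` here is a stand-in name.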