Send the right CAs to the client.
authorBen Laurie <ben@openssl.org>
Thu, 7 Jan 1999 00:16:37 +0000 (00:16 +0000)
committerBen Laurie <ben@openssl.org>
Thu, 7 Jan 1999 00:16:37 +0000 (00:16 +0000)
CHANGES
apps/s_server.c

diff --git a/CHANGES b/CHANGES
index c7c24ed..2a8877a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
   *) Don't blow it for numeric -newkey arguments to apps/req.
      [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
 
index 256636b..c0546f6 100644 (file)
@@ -505,7 +505,7 @@ bad:
                SSL_CTX_set_cipher_list(ctx,cipher);
        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
 
-       SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+       SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
        BIO_printf(bio_s_out,"ACCEPT\n");
        if (www)
@@ -645,7 +645,7 @@ int s;
                                        /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
                                        }
                                if ((buf[0] == 'R') &&
-                                       ((buf[1] == '\0') || (buf[1] == '\r')))
+                                       ((buf[1] == '\n') || (buf[1] == '\r')))
                                        {
                                        SSL_set_verify(con,
                                                SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);