From c13d4799dd9b6ed6a33e1a367119fd9b11233344 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Thu, 7 Jan 1999 00:16:37 +0000
Subject: [PATCH] Send the right CAs to the client.

---
 CHANGES         | 3 +++
 apps/s_server.c | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index c7c24ed9e5..2a8877ac3e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
   *) Don't blow it for numeric -newkey arguments to apps/req.
      [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
 
diff --git a/apps/s_server.c b/apps/s_server.c
index 256636bc43..c0546f6f9b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -505,7 +505,7 @@ bad:
 		SSL_CTX_set_cipher_list(ctx,cipher);
 	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
 
-	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
@@ -645,7 +645,7 @@ int s;
 					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 					}
 				if ((buf[0] == 'R') &&
-					((buf[1] == '\0') || (buf[1] == '\r')))
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_set_verify(con,
 						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
-- 
2.34.1