Send the right CAs to the client.

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 256636bc43e893e7efe0454b436c42ceabd5d1b9..c0546f6f9b0ea0529322bf758c70d4c0ad6e181f 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -505,7 +505,7 @@ bad:
                SSL_CTX_set_cipher_list(ctx,cipher);
        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
 
-       SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+       SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
        BIO_printf(bio_s_out,"ACCEPT\n");
        if (www)
@@ -645,7 +645,7 @@ int s;
                                        /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
                                        }
                                if ((buf[0] == 'R') &&
-                                       ((buf[1] == '\0') || (buf[1] == '\r')))
+                                       ((buf[1] == '\n') || (buf[1] == '\r')))
                                        {
                                        SSL_set_verify(con,
                                                SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);