projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
bc4deee
)
Send the right CAs to the client.
author
Ben Laurie
<ben@openssl.org>
Thu, 7 Jan 1999 00:16:37 +0000
(
00:16
+0000)
committer
Ben Laurie
<ben@openssl.org>
Thu, 7 Jan 1999 00:16:37 +0000
(
00:16
+0000)
CHANGES
patch
|
blob
|
history
apps/s_server.c
patch
|
blob
|
history
diff --git
a/CHANGES
b/CHANGES
index c7c24ed9e5e187aa37feb321e039dc94ae9ec1ae..2a8877ac3efaddd4aa5192f63957d07eb6de1f10 100644
(file)
--- a/
CHANGES
+++ b/
CHANGES
@@
-5,6
+5,9
@@
Changes between 0.9.1c and 0.9.2
Changes between 0.9.1c and 0.9.2
+ *) s_server should send the CAfile as acceptable CAs, not its own cert.
+ [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
*) Don't blow it for numeric -newkey arguments to apps/req.
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
*) Don't blow it for numeric -newkey arguments to apps/req.
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
diff --git
a/apps/s_server.c
b/apps/s_server.c
index 256636bc43e893e7efe0454b436c42ceabd5d1b9..c0546f6f9b0ea0529322bf758c70d4c0ad6e181f 100644
(file)
--- a/
apps/s_server.c
+++ b/
apps/s_server.c
@@
-505,7
+505,7
@@
bad:
SSL_CTX_set_cipher_list(ctx,cipher);
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_cipher_list(ctx,cipher);
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(
s_cert_
file));
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(
CA
file));
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
@@
-645,7
+645,7
@@
int s;
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
}
if ((buf[0] == 'R') &&
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
}
if ((buf[0] == 'R') &&
- ((buf[1] == '\
0
') || (buf[1] == '\r')))
+ ((buf[1] == '\
n
') || (buf[1] == '\r')))
{
SSL_set_verify(con,
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
{
SSL_set_verify(con,
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);