Send the right CAs to the client.
authorBen Laurie <ben@openssl.org>
Thu, 7 Jan 1999 00:16:37 +0000 (00:16 +0000)
committerBen Laurie <ben@openssl.org>
Thu, 7 Jan 1999 00:16:37 +0000 (00:16 +0000)
CHANGES
apps/s_server.c

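--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
   *) Don't blow it for numeric -newkey arguments to apps/req.
      [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
 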
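--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -505,7 +505,7 @@ bad:
                SSL_CTX_set_cipher_list(ctx,cipher);
        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
 
-       SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+       SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
        BIO_printf(bio_s_out,"ACCEPT\n");
        if (www)
@@ -645,7 +645,7 @@ int s;
                                        /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
                                        }
                                if ((buf[0] == 'R') &&
-                                       ((buf[1] == '\0') || (buf[1] == '\r')))
+                                       ((buf[1] == '\n') || (buf[1] == '\r')))
                                        {
                                        SSL_set_verify(con,
                                                SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);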
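Review bot: The new call in the first hunk, `SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));`, passes both `CAfile` and the loader's return value through unchecked. If `CAfile` can be NULL at this point (its declaration and option parsing are outside the hunk) or the file cannot be parsed, the server would presumably advertise an empty acceptable-CA list in its certificate request with no diagnostic, which makes client-certificate failures hard to trace. I would guard the call, `if (CAfile != NULL) SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));`, and report a NULL result from the loader with `ERR_print_errors(bio_err);` rather than continuing silently. The enclosing function starts and ends outside the hunk, so an earlier check on `CAfile` may already exist.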