Send the right CAs to the client.

c13d4799 · Ben Laurie · bc4deee0 · c13d4799 · c13d4799
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

CHANGES CHANGES +3 -0

apps/s_server.c apps/s_server.c +2 -2

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@

 Changes between 0.9.1c and 0.9.2

+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
  *) Don't blow it for numeric -newkey arguments to apps/req.
     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]


--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -505,7 +505,7 @@ bad:
 		SSL_CTX_set_cipher_list(ctx,cipher);
 	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);

-	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));

 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
@@ -645,7 +645,7 @@ int s;
 					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 					}
 				if ((buf[0] == 'R') &&
-					((buf[1] == '\0') || (buf[1] == '\r')))
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_set_verify(con,
 						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);