generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Send the right CAs to the client.

Browse Source
This commit is contained in:
Ben Laurie 1999-01-07 00:16:37 +00:00
parent bc4deee07a
commit c13d4799dd
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -5,6 +5,9 @@
Changes between 0.9.1c and 0.9.2 Changes between 0.9.1c and 0.9.2
*) s_server should send the CAfile as acceptable CAs, not its own cert.
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
*) Don't blow it for numeric -newkey arguments to apps/req. *) Don't blow it for numeric -newkey arguments to apps/req.
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>] [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]

4
apps/s_server.c
View File

@ -505,7 +505,7 @@ bad:
SSL_CTX_set_cipher_list(ctx,cipher); SSL_CTX_set_cipher_list(ctx,cipher);
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
BIO_printf(bio_s_out,"ACCEPT\n"); BIO_printf(bio_s_out,"ACCEPT\n");
if (www) if (www)
@ -645,7 +645,7 @@ int s;
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */ /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
} }
if ((buf[0] == 'R') && if ((buf[0] == 'R') &&
((buf[1] == '\0') || (buf[1] == '\r'))) ((buf[1] == '\n') || (buf[1] == '\r')))
{ {
SSL_set_verify(con, SSL_set_verify(con,
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);