mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
Send the right CAs to the client.
This commit is contained in:
parent
bc4deee07a
commit
c13d4799dd
3
CHANGES
3
CHANGES
@ -5,6 +5,9 @@
|
||||
|
||||
Changes between 0.9.1c and 0.9.2
|
||||
|
||||
*) s_server should send the CAfile as acceptable CAs, not its own cert.
|
||||
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
|
||||
|
||||
*) Don't blow it for numeric -newkey arguments to apps/req.
|
||||
[Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
|
||||
|
||||
|
@ -505,7 +505,7 @@ bad:
|
||||
SSL_CTX_set_cipher_list(ctx,cipher);
|
||||
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
|
||||
|
||||
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
|
||||
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
|
||||
|
||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||
if (www)
|
||||
@ -645,7 +645,7 @@ int s;
|
||||
/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
|
||||
}
|
||||
if ((buf[0] == 'R') &&
|
||||
((buf[1] == '\0') || (buf[1] == '\r')))
|
||||
((buf[1] == '\n') || (buf[1] == '\r')))
|
||||
{
|
||||
SSL_set_verify(con,
|
||||
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
|
||||
|
Loading…
Reference in New Issue
Block a user