[exim-cvs] Add debug for number of CA certs, for OpenSSL/fil…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Add debug for number of CA certs, for OpenSSL/file load
Gitweb: http://git.exim.org/exim.git/commitdiff/3281c6ea0c270d7065608e47c915046c92f1dbf5
Commit:     3281c6ea0c270d7065608e47c915046c92f1dbf5
Parent:     e91ad4a760cbf58e1f455d2ba226d80aa6c2da05
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Sep 11 21:41:12 2014 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Sep 11 21:42:52 2014 +0100


    Add debug for number of CA certs, for OpenSSL/file load
---
 src/src/tls-openssl.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 9278874..7d9ab8b 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1376,9 +1376,14 @@ if (expcerts != NULL && *expcerts != '\0')
           !SSL_CTX_load_verify_locations(sctx, CS file, CS dir))
       return tls_error(US"SSL_CTX_load_verify_locations", host, NULL);


+    /* Load the list of CAs for which we will accept certs, for sending
+    to the client.  XXX only for file source, not dir? */
     if (file != NULL)
       {
-      SSL_CTX_set_client_CA_list(sctx, SSL_load_client_CA_file(CS file));
+      STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file);
+DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n",
+                  sk_X509_NAME_num(names));
+      SSL_CTX_set_client_CA_list(sctx, names);
       }
     }
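
Review bot: the result of SSL_load_client_CA_file(CS file) is used without a NULL check in the new block under `if (file != NULL)`. That function returns NULL when the file cannot be read or parsed, and sk_X509_NAME_num(NULL) returns -1, so the debug output would read "Added -1 certificate authorities." while SSL_CTX_set_client_CA_list(sctx, names) goes on to install an empty client CA list. Suggest testing `names` for NULL first and either logging the failure explicitly or returning through tls_error() as the SSL_CTX_load_verify_locations call just above does. Two smaller points: the `DEBUG(D_tls)` line starts in column 0 instead of at the block's indentation, and the message says "Added" before the list is actually set, so moving it after SSL_CTX_set_client_CA_list would make the wording accurate. The "XXX only for file source, not dir?" comment also leaves the directory-only case undecided; it would help to resolve that or document that no CA names are sent to the client when only a directory is configured.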