{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
{"requestCAfile", OPT_REQCAFILE, '<',
- "PEM format file of CA names sent to server"},
+ "PEM format file of CA names to send to the server"},
{"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},
{"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
"DANE TLSA rrdata presentation form"},
}
if (ReqCAfile != NULL) {
STACK_OF(X509_NAME) *nm = sk_X509_NAME_new_null();
+
if (nm == NULL || !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) {
sk_X509_NAME_pop_free(nm, X509_NAME_free);
BIO_printf(bio_err, "Error loading CA names\n");
X509 *peer = NULL;
char buf[BUFSIZ];
STACK_OF(X509) *sk;
- STACK_OF(X509_NAME) *sk2;
const SSL_CIPHER *c;
- X509_NAME *xn;
int i;
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *comp, *expansion;
BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
BIO_printf(bio, "issuer=%s\n", buf);
- } else
- BIO_printf(bio, "no peer certificate available\n");
-
- sk2 = SSL_get_client_CA_list(s);
- if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
- BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
- for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
- xn = sk_X509_NAME_value(sk2, i);
- X509_NAME_oneline(xn, buf, sizeof(buf));
- BIO_write(bio, buf, strlen(buf));
- BIO_write(bio, "\n", 1);
- }
} else {
- BIO_printf(bio, "---\nNo client certificate CA names sent\n");
+ BIO_printf(bio, "no peer certificate available\n");
}
+ print_ca_names(bio, s);
ssl_print_sigalgs(bio, s);
ssl_print_tmp_key(bio, s);