From 3281c6ea0c270d7065608e47c915046c92f1dbf5 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Thu, 11 Sep 2014 21:41:12 +0100
Subject: [PATCH] Add debug for number of CA certs, for OpenSSL/file load
---
 src/src/tls-openssl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 9278874ca..7d9ab8b4d 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1376,9 +1376,14 @@ if (expcerts != NULL && *expcerts != '\0')
 !SSL_CTX_load_verify_locations(sctx, CS file, CS dir))
 return tls_error(US"SSL_CTX_load_verify_locations", host, NULL);
+ /* Load the list of CAs for which we will accept certs, for sending
+ to the client. XXX only for file source, not dir? */
 if (file != NULL)
 {
- SSL_CTX_set_client_CA_list(sctx, SSL_load_client_CA_file(CS file));
+ STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file);
+DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n",
+ sk_X509_NAME_num(names));
+ SSL_CTX_set_client_CA_list(sctx, names);
 }
 }
--
2.30.2
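Review bot: `names` is used without a NULL check in the new `if (file != NULL)` body: `SSL_load_client_CA_file()` returns NULL when the file cannot be read or parsed, in which case `sk_X509_NAME_num(names)` yields -1 and the debug line reports "Added -1 certificate authorities" while `SSL_CTX_set_client_CA_list(sctx, names)` leaves the context with no advertised CA names. Now that the result has a name, a guard such as `if (names == NULL) return tls_error(US"SSL_load_client_CA_file", host, NULL);` before the debug line would surface the failure the same way the `SSL_CTX_load_verify_locations` call just above does. The message could also say these are CA names advertised to the client, since this list is only the hint sent in the certificate request and not the verification trust store, which an operator reading the debug log could otherwise confuse. The enclosing `if (expcerts ...)` block begins before the hunk, so whether a hard error is acceptable on this path should be confirmed against its callers.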