generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Increase the max size limit for a CertificateRequest message

Browse Source 
Previous versions of OpenSSL had the max size limit for a CertificateRequest
message as |s->max_cert_list|. Previously master had it to be
SSL3_RT_MAX_PLAIN_LENGTH. However these messages can get quite long if a
server is configured with a long list of acceptable CA names. Therefore
the size limit has been increased to be consistent with previous versions.

RT#4198

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Matt Caswell 2015-12-23 16:36:59 +00:00
parent b1931d432f
commit 057b6f797d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/statem/statem_clnt.c
View File

@ -696,7 +696,11 @@ unsigned long ossl_statem_client_max_message_size(SSL *s)
return SERVER_KEY_EXCH_MAX_LENGTH;
case TLS_ST_CR_CERT_REQ:
return SSL3_RT_MAX_PLAIN_LENGTH;
/* Set to s->max_cert_list for compatibility with previous releases.
* In practice these messages can get quite long if servers are
* configured to provide a long list of acceptable CAs
*/
return s->max_cert_list;
case TLS_ST_CR_SRVR_DONE:
return SERVER_HELLO_DONE_MAX_LENGTH;