[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Sun Dec 27 23:03:12 UTC 2015
The branch master has been updated
via 057b6f797d89964892620fe9980a1ca6872a771f (commit)
from b1931d432f4b53ceb2e2eacec09c2e32e043830b (commit)
- Log -----------------------------------------------------------------
commit 057b6f797d89964892620fe9980a1ca6872a771f
Author: Matt Caswell <matt at openssl.org>
Date: Wed Dec 23 16:36:59 2015 +0000
Increase the max size limit for a CertificateRequest message
Previous versions of OpenSSL had the max size limit for a CertificateRequest
message as |s->max_cert_list|. Previously master had it to be
SSL3_RT_MAX_PLAIN_LENGTH. However these messages can get quite long if a
server is configured with a long list of acceptable CA names. Therefore
the size limit has been increased to be consistent with previous versions.
RT#4198
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index b14e6ed..536689b 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -696,7 +696,11 @@ unsigned long ossl_statem_client_max_message_size(SSL *s)
return SERVER_KEY_EXCH_MAX_LENGTH;
case TLS_ST_CR_CERT_REQ:
- return SSL3_RT_MAX_PLAIN_LENGTH;
+ /* Set to s->max_cert_list for compatibility with previous releases.
+ * In practice these messages can get quite long if servers are
+ * configured to provide a long list of acceptable CAs
+ */
+ return s->max_cert_list;
case TLS_ST_CR_SRVR_DONE:
return SERVER_HELLO_DONE_MAX_LENGTH;
More information about the openssl-commits
mailing list