[openssl-dev] [openssl.org #4198] BUG: READ_STATE_MACHINE:excessive message size during handshake

Matt Caswell via RT rt at openssl.org
Sun Dec 27 23:04:11 UTC 2015


On Wed Dec 23 16:48:20 2015, matt wrote:
> On Wed Dec 23 15:42:54 2015, dmb at inky.com wrote:
> > Using the current master (head) code, this reproduces it:
> >
> > openssl s_client -connect mail.baggett.org:465
> >
> > This is my own personal mail server, so feel free to poke and prod it.
> >
>
> Great, thanks. I can reproduce this now.
>
> The problem is that the server has been configured to allow client auth. The
> CertificateRequest message coming from the server seems very long (nearly 20k).
> This is primarily made up of a long list of acceptable CA names.
>
> The master code has the max size limit for this message as being
> SSL3_RT_MAX_PLAIN_LENGTH (16384 bytes). This is the maximum that can be put
> into a single TLS record. Previous versions had it set to s->max_cert_list
> which is a configurable value that by default is 100k.
>
> The attached patch should resolve this issue (it just reverts the size limit to
> what it was before).

This patch has now been applied. Closing ticket.

Matt
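
The size check discussed in this thread, as an added example that is not part of the original message or of OpenSSL's code: a handshake message carries its own 24-bit length and may be fragmented across several records, so capping it at one record's worth rejects a CertificateRequest of about 20k. All names and the 20000-byte sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Illustrative names, not OpenSSL identifiers. */
#define RECORD_MAX_PLAIN   16384u           /* most plaintext one TLS record holds */
#define CERT_LIST_DEFAULT  (100u * 1024u)   /* the "100k" default named in the thread */
#define HS_HEADER_LEN      4u               /* msg_type(1) + uint24 length(3) */
#define HS_CERT_REQUEST    13u              /* CertificateRequest handshake type */

/* Constructed sample: header announcing a 20000-byte CertificateRequest body. */
static const uint8_t sample_hdr[4] = { HS_CERT_REQUEST, 0x00, 0x4E, 0x20 };

/* Parse the big-endian uint24 body length; -1 if the header is truncated. */
static long hs_body_len(const uint8_t *hdr, size_t n)
{
    if (hdr == NULL || n < HS_HEADER_LEN)
        return -1;
    return ((long)hdr[1] << 16) | ((long)hdr[2] << 8) | (long)hdr[3];
}

/* 1 = accept, 0 = "excessive message size", -1 = truncated header. */
static int hs_size_ok(const uint8_t *hdr, size_t n, unsigned long max_body)
{
    long len = hs_body_len(hdr, n);
    if (len < 0)
        return -1;
    return (unsigned long)len <= max_body ? 1 : 0;
}

/* Records needed to carry header + body when fragmented at the record limit. */
static unsigned long records_needed(unsigned long body_len)
{
    unsigned long total = body_len + HS_HEADER_LEN;
    return (total + RECORD_MAX_PLAIN - 1) / RECORD_MAX_PLAIN;
}

int main(void)
{
    long len = hs_body_len(sample_hdr, sizeof sample_hdr);
    printf("body=%ld bytes, records=%lu\n", len, records_needed((unsigned long)len));
    printf("limit = one record : %d\n", hs_size_ok(sample_hdr, 4, RECORD_MAX_PLAIN));
    printf("limit = cert list  : %d\n", hs_size_ok(sample_hdr, 4, CERT_LIST_DEFAULT));
    return 0;
}
```

The receiving side still needs an upper bound on this message, since the peer controls the announced length; the point is only that the bound is a policy value, not the record size.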


