[openssl-dev] [openssl.org #4535] BUG: X509_NAME_MAX too small for CRL processing

Kash, Howard M CIV USARMY RDECOM ARL via RT rt at openssl.org
Thu May 5 12:54:11 UTC 2016


OpenSSL 1.0.2h fails to process large CRLs (anything over 1MB) with the
error "X509_NAME_EX_D2I:too long:x_name.c:203" due to X509_NAME_MAX being
set to 1024*1024.  The CRLs I'm examining with "openssl crl -in <filename>
-nextupdate -noout" are up to 37MB (and growing).  I have set X509_NAME_MAX
to 64*1024*1024 as a temporary workaround.


Howard

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4535
Please log in as guest with password guest if prompted
