[openssl-dev] [openssl.org #4535] BUG: X509_NAME_MAX too small for CRL processing
Stephen Henson via RT
rt at openssl.org
Thu May 5 13:08:36 UTC 2016
On Thu May 05 12:54:11 2016, howard.m.kash.civ at mail.mil wrote:
>
> OpenSSL 1.0.2h fails to process large CRLs (anything over 1MB) with the
> error "X509_NAME_EX_D2I:too long:x_name.c:203" due to X509_NAME_MAX being
> set to 1024*1024. The CRLs I'm examining with "openssl crl -in <filename>
> -nextupdate -noout" are up to 37MB (and growing). I have set X509_NAME_MAX
> to 64*1024*1024 as a temporary workaround.
>
Already fixed in current 1.0.2 stable branch. See commit a1eef756cc1948e
Clsoing ticket.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4535
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list