X509v3 SAN names length question

Andrei Susnea clkshd at gmail.com
Thu May 9 11:43:36 UTC 2019


Hi,

Using openssl 1.0.2h I'm getting SSL_ERROR_SYSCALL while trying to
authenticate a certificate with the following SAN names configuration:

X509v3 Subject Alternative Name:
                DNS:xxxx.xxxxxx.xxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxx.xxxxxx.xxxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxxxxxxxxx-xxxxx.xxx.xxxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxxxxxxxxx-xxxxx.xxx.xxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxxxxxxxxx-xxxx.xxx.xxxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxxxxxxxxx-xxxx.xxx.xxx.xxx.xxxxxxxxxxx.com


With the previous config, it worked:

X509v3 Subject Alternative Name:
                DNS:xxxxxxxxxxx-xxxx.xxx.xxxxxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxxxxxxxxx-xxxx.xxx.xxxxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxxxxxxxxx-xxxxx.xxx.xxxxx.xxx.xxxxxxxxxxx.com,
                DNS:xxxxxxxxxxx-xxxxx.xxx.xxxxxx.xxx.xxxxxxxxxxx.com


I tried upgrading to 1.0.2r with the same result.

Does anyone know if it's a name length issue with this version?
I read you can have as many as 150 names x 25 characters < 4k.

Or if updating to 1.1.1b would fix this issue?


Thanks,

Andrei