resumption problem

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 26 00:58:47 UTC 2020


On Thu, Mar 26, 2020 at 12:40:08AM +0000, Jeremy Harris wrote:

> Looks like I'm wrong, from the behaviour.
> 
> It's the second of the possible places, and "i" is 129.
> It appears to be failing the   WPACKET_sub_allocate_bytes_u16()
> call.  %rsi before the call, which I think should be
> the "namelen" arg, has value 172.

Right, you're running out of space by trying to send too many
CA names.  It is better to have this fail, so you can figure
what is trying to dump your entire trusted CA list (of names)
to the server, than to actually have that silently "work".

Now you need to find out why that's happening.  Perhaps your
"openssl.cnf" (Linux distro mistake?) causes the damage
for all applications even without explicit code to that
end in Exim?  Or you're calling something to make it happen.

-- 
    Viktor.


More information about the openssl-users mailing list