Query reg. using certificates bigger than 4k for EAP-TLS
Jan Just Keijser
janjust at nikhef.nl
Wed Oct 20 15:46:18 UTC 2021
Hi Vishal,
On 20/10/21 13:34, Vishal Sinha wrote:
> Hi Matt
>
> The certificate is not large as such. But since it's a chain, the
> overall size crosses 4k. We used BIO_set_write_buffer_size() API to
> increase the size from 4k to 8k of the BIO buffer in SSL context.
>
>
just out of curiosity: does this issue occur with pppd with EAP-TLS
support (which I originally added) ? if so, which version of the pppd
code are you using or which version of the ppp-eap-tls patch?
If you *are* using pppd to do the EAP-TLS handshake then let me try to
replicate your particular issue.
HTH,
JJK
>
> On Wed, Oct 20, 2021 at 3:26 PM Vishal Sinha <vishals1991 at gmail.com
> <mailto:vishals1991 at gmail.com>> wrote:
>
> Hi
>
> We are using openssl 1.1.1c version on our client and server.
> Client and Server are doing EAP-TLS authentication using
> certificates which are more than 4k in size (using 1 root CA and 2
> intermediate CAs). We noticed that the server is not able to
> handle it gracefully due to insufficient buffer size during SSL
> handshake and hence authentication fails. To solve this issue, we
> increased the buffer size to 8k programmatically and
> authentication passed. Is there any other way to solve this problem?
>
> Regards
> Vishal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211020/cff79cd3/attachment.html>
More information about the openssl-users
mailing list