Looking at the SSL 3.0 spec at
http://wp.netscape.com/eng/ssl3/draft302.txt, there appears to be a size
limit for the list of CA distinguished names ..

     struct {
         CertificateType certificate_types<1..2^8-1>;
         DistinguishedName certificate_authorities<3..2^16-1>;
     } CertificateRequest;

If I interpret the spec correctly, this means 3 - 65535 bytes of data
available for the list of DNs (someone please correct me if I am wrong).

Perhaps you are hitting this limit.

Rich
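
As an added example (not part of the original message, and not mod_ssl or
OpenSSL code): Python that computes how many bytes a set of CA distinguished
names occupies in certificate_authorities and checks it against the 65535-byte
bound. It relies on the same spec's `opaque DistinguishedName<1..2^16-1>`
definition, which puts a 2-byte length in front of each DER-encoded name. The
DNs are constructed sample values and all function names are hypothetical.

```python
# Added example (not from the thread): size of certificate_authorities.
MAX_CA_LIST = 2**16 - 1  # upper bound in certificate_authorities<3..2^16-1>
# DER content bytes of the attribute-type OIDs used below.
OIDS = {"C": b"\x55\x04\x06", "O": b"\x55\x04\x0a", "CN": b"\x55\x04\x03"}

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def encode_dn(rdns):
    """DER-encode a Name from [(attr, value), ...], one attribute per RDN.
    Simplification: every value is written as a PrintableString (tag 0x13)."""
    body = b""
    for attr, value in rdns:
        atv = der(0x30, der(0x06, OIDS[attr]) + der(0x13, value.encode("ascii")))
        body += der(0x31, atv)
    return der(0x30, body)

def ca_list_size(dns):
    """Bytes in the vector body: each DN is a 2-byte length followed by its DER."""
    return sum(2 + len(dn) for dn in dns)

def fits(dns):
    """True if the DN list can be expressed with the vector's 2-byte length field."""
    return 3 <= ca_list_size(dns) <= MAX_CA_LIST

def max_that_fit(dns):
    """Number of DNs, taken in order, that fit before the limit is exceeded."""
    total = 0
    for count, dn in enumerate(dns):
        total += 2 + len(dn)
        if total > MAX_CA_LIST:
            return count
    return len(dns)

def constructed_dns(n):
    """Constructed sample input: n made-up CA subject names of 107 bytes each."""
    return [encode_dn([("C", "DE"), ("O", "Constructed Example Trust Services GmbH"),
                       ("CN", f"Constructed Example Root CA {i:03d}")]) for i in range(n)]

if __name__ == "__main__":
    for n in (250, 601, 602):
        dns = constructed_dns(n)
        print(n, "CAs:", ca_list_size(dns), "bytes, fits:", fits(dns))
```

Real subject names vary in length, so the count at which a bundle crosses the
bound depends on the DER size of each CA's subject DN.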


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keller Kind
Sent: Thursday, May 17, 2007 10:30 AM
To: modssl-users@modssl.org
Subject: Re: Problems with CA-Certifcates

2. Yes, I know that I can have more than one certificate in a PEM file.
That is used for the SSLCACertificateFile option. But this didn't solve
the problem.
There is no difference between having more than 250 single certificate
files or one file with 250 certificates.
In the SSL handshake the server sends to the client which CAs it
accepts.
This message seems to be malformed when there are too many CAs.
Any ideas...?


Fought, Richard wrote:
>1. I believe the server reads the CA cert into memory at startup for a
>couple of reasons: to prevent unnecessary disk access, and probably as a
>security measure as well.  If your cert is password protected, you might
>want an admin to type it in and startup is the perfect time to do it.
>
>2. Maybe it is a # of files limitation?  If I'm not mistaken, you can
>have more than one certificate in a PEM file.  Maybe try to combine
>them.
>
>Rich
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      modssl-users@modssl.org
>Automated List Manager                            [EMAIL PROTECTED]
>
>
>
>
