In ssl/s3_srvr.c ssl3_get_client_key_exchange() there is a call to

    n=ssl3_get_message(s,
        SSL3_ST_SR_KEY_EXCH_A,
        SSL3_ST_SR_KEY_EXCH_B,
        SSL3_MT_CLIENT_KEY_EXCHANGE,
        400, /* ???? */
        &ok);
The problem is that the max message size of 400 is too small to
contain a Kerberos 5 AP_REQ message. These messages can exceed 1K
depending on the number of keys (and even authorization data) included
in the message. Does anyone know why the number 400 was selected?
What should this be?
Should the max value be dependent upon the value of
s->s3->tmp.new_cipher->algorithms?
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
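An added example, not code from the post above or from OpenSSL, to show what the `max` argument to ssl3_get_message() guards and what a limit keyed on the negotiated key exchange would look like. It is a minimal SSL3-style handshake message parser: a 4-byte header (type, 3-byte length) followed by the body, with the length checked against a ceiling before any body bytes are consumed. The enum `kx_alg`, the helper names, the per-key-exchange ceilings in `cke_max_body()` and the 1100-byte "AP_REQ" body (constructed filler) are all assumptions made here for illustration, not values taken from OpenSSL or from a real Kerberos ticket.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SSL3/TLS handshake header: 1-byte message type, 3-byte big-endian body length. */
#define HS_HDR_LEN 4
#define HS_MT_CLIENT_KEY_EXCHANGE 16   /* same numeric value as SSL3_MT_CLIENT_KEY_EXCHANGE */

/* Key exchange families the server might have negotiated (hypothetical enum
 * standing in for what s->s3->tmp.new_cipher->algorithms would encode). */
enum kx_alg { KX_RSA, KX_KRB5 };

typedef enum { HS_OK, HS_TRUNCATED, HS_WRONG_TYPE, HS_TOO_LARGE } hs_status;

/* Ceiling on the ClientKeyExchange body derived from the key exchange.
 * The numbers are illustrative assumptions, not OpenSSL's. */
static size_t cke_max_body(enum kx_alg kx)
{
    switch (kx) {
    case KX_RSA:  return 2 + 512;   /* 2-byte length prefix + a 4096-bit RSA modulus */
    case KX_KRB5: return 16384;     /* an AP_REQ with ticket and authz data can exceed 1K */
    }
    return 0;
}

/* Parse one handshake message. The declared length is compared with max_body
 * before the body is trusted, so an oversized declaration fails fast instead
 * of making the caller buffer an unbounded message. */
static hs_status parse_handshake(const uint8_t *buf, size_t len,
                                 uint8_t want_type, size_t max_body,
                                 const uint8_t **body, size_t *body_len)
{
    if (len < HS_HDR_LEN) return HS_TRUNCATED;
    if (buf[0] != want_type) return HS_WRONG_TYPE;
    size_t declared = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
    if (declared > max_body) return HS_TOO_LARGE;
    if (len - HS_HDR_LEN < declared) return HS_TRUNCATED;
    *body = buf + HS_HDR_LEN;
    *body_len = declared;
    return HS_OK;
}

/* Build a ClientKeyExchange whose body is body_len bytes of constructed
 * filler (0xAA), standing in for an opaque AP_REQ or RSA-encrypted secret. */
static size_t build_cke(uint8_t *out, size_t cap, size_t body_len)
{
    if (body_len > 0xFFFFFF || cap < HS_HDR_LEN + body_len) return 0;
    out[0] = HS_MT_CLIENT_KEY_EXCHANGE;
    out[1] = (uint8_t)(body_len >> 16);
    out[2] = (uint8_t)(body_len >> 8);
    out[3] = (uint8_t)body_len;
    memset(out + HS_HDR_LEN, 0xAA, body_len);
    return HS_HDR_LEN + body_len;
}

/* Outcome of receiving a body_len-byte ClientKeyExchange under a given
 * maximum; lets the fixed 400 be compared with a per-kx ceiling. */
hs_status receive_cke(size_t body_len, size_t max_body)
{
    static uint8_t wire[HS_HDR_LEN + 2048];   /* large enough for the demo bodies */
    size_t n = build_cke(wire, sizeof wire, body_len);
    if (n == 0) return HS_TRUNCATED;
    const uint8_t *body;
    size_t got;
    return parse_handshake(wire, n, HS_MT_CLIENT_KEY_EXCHANGE, max_body, &body, &got);
}

int main(void)
{
    size_t krb_body = 1100;   /* constructed: an AP_REQ larger than 1K */
    printf("krb5 AP_REQ of %zu bytes, fixed max 400: %s\n", krb_body,
           receive_cke(krb_body, 400) == HS_TOO_LARGE ? "rejected" : "accepted");
    printf("same message, max from cke_max_body(KX_KRB5): %s\n",
           receive_cke(krb_body, cke_max_body(KX_KRB5)) == HS_OK ? "accepted" : "rejected");
    return 0;
}
```

With the fixed 400 the 1100-byte Kerberos-style body is rejected at the length check, while a 256-byte RSA-style body passes either way; choosing the ceiling from the negotiated key exchange keeps the bound tight for the common case without refusing a legitimate AP_REQ.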