Thanks! Sent with inky<http://inky.com?kme=signature>
"Matt Caswell via RT" <r...@openssl.org> wrote: On Wed Dec 23 15:42:54 2015, d...@inky.com wrote: > Using the current master (head) code, this reproduces it: > > openssl s_client -connect mail.baggett.org:465 > > This is my own personal mail server, so feel free to poke and prod it. > Great, thanks. I can reproduce this now. The problem is that the server has been configured to allow client auth. The CertificateRequest message coming from the server seems very long (nearly 20k). This is primarily made up of a long list of acceptable CA names. The master code has the max size limit for this message as being SSL3_RT_MAX_PLAIN_LENGTH (16384 bytes). This is the maximum that can be put into a single TLS record. Previous versions had it set to s->max_cert_list which is a configurable value that by default is 100k. The attached patch should resolve this issue (it just reverts the size limit to what it was before). Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
