On Wed Dec 23 16:48:20 2015, matt wrote: > On Wed Dec 23 15:42:54 2015, d...@inky.com wrote: > > Using the current master (head) code, this reproduces it: > > > > openssl s_client -connect mail.baggett.org:465 > > > > This is my own personal mail server, so feel free to poke and prod > > it. > > > > Great, thanks. I can reproduce this now. > > The problem is that the server has been configured to allow client > auth. The > CertificateRequest message coming from the server seems very long > (nearly 20k). > This is primarily made up of a long list of acceptable CA names. > > The master code has the max size limit for this message as being > SSL3_RT_MAX_PLAIN_LENGTH (16384 bytes). This is the maximum that can > be put > into a single TLS record. Previous versions had it set to s- > >max_cert_list > which is a configurable value that by default is 100k. > > The attached patch should resolve this issue (it just reverts the size > limit to > what it was before).
This patch has now been applied. Closing ticket. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
