Re: [openssl-dev] [openssl.org #4531] openssl 1.0.2h: Parsing really large CRLs fails, side effect of change in x_name.c?

The following CRL triggers this behaviour: https://info.pca.dfn.de/doc/large_crl.pem Thanks, Jürgen -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4531 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4531] openssl 1.0.2h: Parsing really large CRLs fails, side effect of change in x_name.c?

Hi. Openssl 1.0.2h cannot parse really large CRLs anymore. "Really large" means > some 1MB. It seems as if the new check in line 202 in x_name.c, commited 5 days ago, has a side effect beyond name decoding: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/asn1/x_name.c#L202

[openssl-dev] openssl 1.0.2h: Parsing really large CRLs fails, side effect of change in x_name.c?

[double-post; sent this previously to r...@openssl.org, and didn't get a ticket reply or something. As I feel that potentially a large number of people is affected, e.g. via Apache crl parsing etc., re-sent to openssl-dev.] Hi. Openssl 1.0.2h cannot parse really large CRLs anymore. "Really