Hi,

The verification of the https://ugos.ugm.ac.id certificate contains 2032
subject alt names, which leads to the following error in LibreSSL.

# openssl s_client -connect ugos.ugm.ac.id:443
...
verify error:num=17:out of memory
...

The following diff sets the maximum number of SANs to the next higher
number to fix this issue.

OK?

bye,
Jan

Index: lib/libcrypto/x509/x509_internal.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_internal.h,v
retrieving revision 1.6
diff -u -p -r1.6 x509_internal.h
--- lib/libcrypto/x509/x509_internal.h  5 Jan 2021 16:45:59 -0000       1.6
+++ lib/libcrypto/x509/x509_internal.h  9 Mar 2021 14:38:35 -0000
@@ -31,7 +31,7 @@
  * Limit the number of names and constraints we will check in a chain
  * to avoid a hostile input DOS
  */
-#define X509_VERIFY_MAX_CHAIN_NAMES            512
+#define X509_VERIFY_MAX_CHAIN_NAMES            4096
 #define X509_VERIFY_MAX_CHAIN_CONSTRAINTS      512
 
 /*
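Review bot: The new value of X509_VERIFY_MAX_CHAIN_NAMES is not justified in the comment above it, which still only says the limit exists "to avoid a hostile input DOS". The message reports a certificate with 2032 names and describes the change as going to "the next higher number", yet the define jumps from 512 to 4096, an eightfold increase in the number of names an untrusted chain can make the verifier process, while X509_VERIFY_MAX_CHAIN_CONSTRAINTS stays at 512. Please extend the comment to say why 4096 was picked (for example, the largest SAN count seen in practice plus headroom for the other certificates in the chain) and confirm that the cost of checking 4096 names against up to 512 constraints is still acceptable for hostile input. Separately, hitting this limit is reported to the user as "out of memory", which hides the real cause; a distinct error for an exceeded name limit would make the next report of this kind easier to diagnose.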
