author | Lutz Jänicke <jaenicke@openssl.org> | 2001-08-25 11:49:24 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-08-25 11:49:24 +0000 |
commit | e7cf7fcd216e8680200b3e3f9feb112f8c5952f3 (patch) | |
tree | 44918a6547a8c9beaa55f6b7f0ac4160c8d4eeb7 | |
parent | bb8aab02113d683b76e06da31b7804591e2e62e0 (diff) |
Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.)
-rw-r--r-- | CHANGES | 6 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 6 |
2 files changed, 11 insertions, 1 deletions
@@ -12,6 +12,12 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). + This function was broken, as the check for a new client hello message + to handle SGC did not allow these large messages. + (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.) + [Lutz Jaenicke] + *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). [Lutz Jaenicke] diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 53091d3577..fd9b3f00ad 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -550,7 +550,11 @@ static int ssl3_check_client_hello(SSL *s) SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, -1, - SSL3_RT_MAX_PLAIN_LENGTH, +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif &ok); if (!ok) return((int)n); s->s3->tmp.reuse_message = 1; |
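Review bot: The new limits `1024*30` and `1024*100` in the ssl/s3_srvr.c hunk are bare literals, and their comments ("max cert list :-)") do not say why a function that checks for a client hello needs a certificate-sized bound. Because `s->s3->tmp.reuse_message = 1` hands the same message on to the next state, the bound here presumably has to be at least as large as whatever the certificate handler accepts, so one named constant shared by both call sites would keep them from drifting apart, for example `#define SSL3_MAX_CERT_LIST_LEN (1024*100)` (the name is only a suggestion) with the MSDOS variant defined beside it. This read also happens before the client is authenticated, so the value is the amount of handshake data the server will buffer for any peer in this state; a comment such as `/* upper bound on an unauthenticated peer's Certificate message; keep in sync with the SR_CERT handler */` would make that explicit. The body of ssl3_check_client_hello begins and ends outside the hunk, so whether the certificate handler already uses the same figures cannot be confirmed from here.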