authorLutz Jänicke <jaenicke@openssl.org>2001-08-25 11:49:24 +0000
committerLutz Jänicke <jaenicke@openssl.org>2001-08-25 11:49:24 +0000
commite7cf7fcd216e8680200b3e3f9feb112f8c5952f3 (patch)
tree44918a6547a8c9beaa55f6b7f0ac4160c8d4eeb7
parentbb8aab02113d683b76e06da31b7804591e2e62e0 (diff)
Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.)
-rw-r--r--CHANGES6
-rw-r--r--ssl/s3_srvr.c6
2 files changed, 11 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index aef5034c80..4d560e66dd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,12 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+ This function was broken, as the check for a new client hello message
+ to handle SGC did not allow these large messages.
+ (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
+ [Lutz Jaenicke]
+
*) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
[Lutz Jaenicke]
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 53091d3577..fd9b3f00ad 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -550,7 +550,11 @@ static int ssl3_check_client_hello(SSL *s)
SSL3_ST_SR_CERT_A,
SSL3_ST_SR_CERT_B,
-1,
- SSL3_RT_MAX_PLAIN_LENGTH,
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+ 1024*30, /* 30k max cert list :-) */
+#else
+ 1024*100, /* 100k max cert list :-) */
+#endif
&ok);
if (!ok) return((int)n);
s->s3->tmp.reuse_message = 1;
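Review bot: The new upper bound in ssl3_check_client_hello is two bare literals, `1024*30` and `1024*100`, inside an `#if`, with nothing tying them to the limit applied where the client certificate list is actually read. If the two drift apart, this pre-check will again reject messages the later read would accept, which is the breakage CHANGES describes, or admit more than that read allows. A single named constant used at both places would keep them in step, for example `#define MAX_CERT_LIST_LEN_PLACEHOLDER (1024*100)` (placeholder name), with the MSDOS variant defined beside it. Because the expected-type argument just above is `-1`, the larger bound presumably applies to whatever handshake message arrives in this state, so a peer that has not yet authenticated can make the server buffer up to 100 kB here; a comment such as `/* bound covers any message type accepted here, not only Certificate */` would record that this is intended. The call these arguments belong to starts above the hunk.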