diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_local.h | 3 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
3 files changed, 5 insertions, 2 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index e5b036390a..8d90520d14 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1020,7 +1020,7 @@ size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s) return s->max_cert_list; case TLS_ST_CR_CERT_VRFY: - return SSL3_RT_MAX_PLAIN_LENGTH; + return CERTIFICATE_VERIFY_MAX_LENGTH; case TLS_ST_CR_CERT_STATUS: return SSL3_RT_MAX_PLAIN_LENGTH; diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index 75b7274c2e..30b7d5b0a5 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -31,6 +31,9 @@ /* Max ServerHello size permitted by RFC 8446 */ #define SERVER_HELLO_MAX_LENGTH 65607 +/* Max CertificateVerify size permitted by RFC 8446 */ +#define CERTIFICATE_VERIFY_MAX_LENGTH 65539 + /* Max should actually be 36 but we are generous */ #define FINISHED_MAX_LENGTH 64 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 6d4be61118..3137f548ef 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1223,7 +1223,7 @@ size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s) return CLIENT_KEY_EXCH_MAX_LENGTH; case TLS_ST_SR_CERT_VRFY: - return SSL3_RT_MAX_PLAIN_LENGTH; + return CERTIFICATE_VERIFY_MAX_LENGTH; #ifndef OPENSSL_NO_NEXTPROTONEG case TLS_ST_SR_NEXT_PROTO: |