Hi Ben, I found that there is a bug in OpenSSL: if the length of the list
ctx->client_CA is up to 649, the client will fail to connect to the server.
It's difficult for me to fix this bug because I'm not very familiar with
OpenSSL, but I thought it's not very suitable to add client CAs using
the API SSL_CTX_add_client_CA when reconfiguring SSL, as this API does not delete the
old CA certificates. I wonder if the API SSL_CTX_set_client_CA_list
is better than SSL_CTX_add_client_CA; it fixes my problem to modify the ovsdb
function stream_ssl_set_ca_cert_file__ to use SSL_CTX_set_client_CA_list.