Hi all,

My question is basically: how many CA certificates are allowed to be sent during the server certificate stage of the SSL protocol negotiations, and do I control it (if at all)?
My clients (a Mono application) are able to connect to my SSL server if I only have 6 CA certificates in the CA directory configured in the SSL_CTX. Adding another two causes the clients to fail due to an "SSL certificate error". Watching the protocol with Wireshark, it stops at the Server certificate stage of the negotiations.

My theory is that the clients are limited and do not like so many (8) CA certs being sent and/or cannot parse them all to validate their own certificate. Is this possible, and what is the limit, if any? All of the certificates are signed by a root CA, so the depth level is 2.

Thanks
LJB

OpenSSL Project http://www.openssl.org
Development Mailing List
