OpenSSL 1.0.2h fails to process large CRLs (anything over 1MB) with the error "X509_NAME_EX_D2I:too long:x_name.c:203" due to X509_NAME_MAX being set to 1024*1024. The CRLs I'm examining with "openssl crl -in <filename> -nextupdate -noout" are up to 37MB (and growing). I have set X509_NAME_MAX to 64*1024*1024 as a temporary workaround.
Howard -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4535 Please log in as guest with password guest if prompted
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
