On Thu May 05 12:54:11 2016, howard.m.kash....@mail.mil wrote:
> OpenSSL 1.0.2h fails to process large CRLs (anything over 1MB) with the
> error "X509_NAME_EX_D2I:too long:x_name.c:203" due to X509_NAME_MAX being
> set to 1024*1024. The CRLs I'm examining with "openssl crl -in <filename>
> -nextupdate -noout" are up to 37MB (and growing). I have set X509_NAME_MAX
> to 64*1024*1024 as a temporary workaround.

Already fixed in current 1.0.2 stable branch. See commit a1eef756cc1948e

Clsoing ticket.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4535
Please log in as guest with password guest if prompted

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to