On Thu May 05 12:54:11 2016, howard.m.kash....@mail.mil wrote: > > OpenSSL 1.0.2h fails to process large CRLs (anything over 1MB) with the > error "X509_NAME_EX_D2I:too long:x_name.c:203" due to X509_NAME_MAX being > set to 1024*1024. The CRLs I'm examining with "openssl crl -in <filename> > -nextupdate -noout" are up to 37MB (and growing). I have set X509_NAME_MAX > to 64*1024*1024 as a temporary workaround. >
Already fixed in current 1.0.2 stable branch. See commit a1eef756cc1948e Clsoing ticket. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4535 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
