I believe it's an x.509v3 limitation and not specific to openssl. After getting Viktor's hint I did a little research and found that the limitation is set at 2^14.
Ron Steffen DETTMER wrote: > > * Victor Duchovni wrote: >> The SSL/TLS record layer has a maximum record size, a >> certificate probably needs to fit into one record, so if your >> 500+ domains generate a certificate that is larger than ~16K >> bytes, you may be out of luck. > > (I just ask for curiosity, not because I have any problem with that!) > Does this mean that OpenSSL has a compiled-in certificate size > limitation and to increase that it would be required to replace > the libs on the systems needing to support bigger certificates? > > oki, > > Steffen > > -- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------->8======= > > > > About Ingenico: Ingenico is a leading provider of payment solutions, with > over 15 million terminals deployed in more than 125 countries. Its 2,850 > employees worldwide support retailers, banks and service providers to > optimize and secure their electronic payments solutions, develop their > offer of services and increase their point of sales revenue. More > information on http://www.ingenico.com/. > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. Thank you for your cooperation. > P Please consider the environment before printing this e-mail > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://old.nabble.com/Subject-Alternative-Name-Help-tp27539914p27565135.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
