Hi!
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 15:03 -0500:
On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
(So DER encoding is used, and it is allowing 128 byte long
length fields allowing 2^1024 [a number taking four and a half
line in xterm because 309
this message in context:
http://old.nabble.com/Subject-Alternative-Name-Help-tp27539914p27555907.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
* Victor Duchovni wrote:
The SSL/TLS record layer has a maximum record size, a
certificate probably needs to fit into one record, so if your
500+ domains generate a certificate that is larger than ~16K
bytes, you may be out of luck.
(I just ask for curiosity, not because I have any problem
--
View this message in context:
http://old.nabble.com/Subject-Alternative-Name-Help-tp27539914p27565135.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
On Fri, Feb 12, 2010 at 12:41:16PM +0100, Steffen DETTMER wrote:
* Victor Duchovni wrote:
The SSL/TLS record layer has a maximum record size, a
certificate probably needs to fit into one record, so if your
500+ domains generate a certificate that is larger than ~16K
bytes, you may be out
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 14:20 -0500:
The limit is not (only?) an X.509 limit, rather the SSL/TLS
record layer cannot carry messages larger than 2^14 bytes (plus
some overhead for compression algorithms which provably need to
be able to make some records larger in order
On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
(So DER encoding is used, and it is allowing 128 byte long
length fields allowing 2^1024 [a number taking four and a half
line in xterm because 309 decimal digits long] bytes long value
fields sufficient to enumerate
of the
sites where the certificate is installed.
I've read RFC3280 and there is no mention of a maximum for SAN entries. Has
anyone had any experience with this or do you have any ideas? Thanks for
any help.
--
View this message in context:
http://old.nabble.com/Subject-Alternative-Name-Help
On Wed, Feb 10, 2010 at 03:23:03PM -0800, rono16 wrote:
I am using OpenSSL to create a self sign certificate and have a need to add
approximately 4000, yes 4000, DNS entries (don't ask why) using Subject
Alternative Name. I have succeeded in creating a certificate with 500 DNS
entries and