From a04baf9b5c8d88c8269b37ddf4c1e2379c601c8c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lutz=20J=C3=A4nicke?=
Date: Sat, 25 Aug 2001 11:48:35 +0000
Subject: [PATCH] Allow client certificate lists > 16kB ("Douglas E. Engert" .)
---
 CHANGES | 6 ++++++
 ssl/s3_srvr.c | 6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index aed1082915..88574700f4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@ Changes between 0.9.6b and 0.9.6c [XX xxx XXXX]
+ *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+ This function was broken, as the check for a new client hello message
+ to handle SGC did not allow these large messages.
+ (Tracked down by "Douglas E. Engert" .)
+ [Lutz Jaenicke]
+
 *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
 [Lutz Jaenicke]
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 258af84867..0d3eb76e0a 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -537,7 +537,11 @@ static int ssl3_check_client_hello(SSL *s)
 SSL3_ST_SR_CERT_A,
 SSL3_ST_SR_CERT_B,
 -1,
- SSL3_RT_MAX_PLAIN_LENGTH,
+#if defined(MSDOS) && !defined(WIN32)
+ 1024*30, /* 30k max cert list :-) */
+#else
+ 1024*100, /* 100k max cert list :-) */
+#endif
 &ok);
 if (!ok) return((int)n);
 s->s3->tmp.reuse_message = 1;
-- 
2.25.1
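Review bot: The size limit that replaces `SSL3_RT_MAX_PLAIN_LENGTH` in the `ssl/s3_srvr.c` hunk is written as bare literals (`1024*30` / `1024*100`) with a joke comment, although it bounds how much handshake data the server will accept from a peer in the `SSL3_ST_SR_CERT_A`/`SSL3_ST_SR_CERT_B` states, before any client certificate has been verified. Going from 16 kB to 100 kB raises a per-connection memory bound that an unauthenticated client controls, so the value should say what it protects, e.g. `/* max handshake message accepted while waiting for the client certificate; keep equal to the limit used where the certificate list is read */`. The comments suggest these numbers mirror a limit used elsewhere in the file; if so, defining the value once under a named macro and using it at both call sites would stop the two from drifting apart again, which appears to be the mismatch this commit repairs. The call this argument belongs to starts above the hunk, so the callee and the parameter's type are not visible here.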