- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539
(2 bytes for the algorithm identifier + 2 bytes of signature length
+ 65535 bytes of signature)
- Changed `SSL3_RT_MAX_PLAIN_LENGTH` to `CERTIFICATE_VERIFY_MAX_LENGTH`
in `statem_srvr.c` and `statem_clnt.c`
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20486)
return s->max_cert_list;
case TLS_ST_CR_CERT_VRFY:
- return SSL3_RT_MAX_PLAIN_LENGTH;
+ return CERTIFICATE_VERIFY_MAX_LENGTH;
case TLS_ST_CR_CERT_STATUS:
return SSL3_RT_MAX_PLAIN_LENGTH;
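Review bot: The `TLS_ST_CR_CERT_VRFY` case now accepts up to 65539 bytes of CertificateVerify from the peer, about four times the previous limit if `SSL3_RT_MAX_PLAIN_LENGTH` is the 16384-byte record limit. Nothing at the case records that this is a protocol ceiling rather than a bound tied to the peer's key size. The same applies to `TLS_ST_SR_CERT_VRFY` in the server hunk, where the sender is a client whose signature has not yet been checked. A short comment such as `/* protocol maximum, not a per-key bound; signature length is checked during processing */` would make the assumption explicit, but whether the processing code enforces that is not visible on this page and should be confirmed. The enclosing switch starts and ends outside the hunk.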
/* Max ServerHello size permitted by RFC 8446 */
#define SERVER_HELLO_MAX_LENGTH 65607
+/* Max CertificateVerify size permitted by RFC 8446 */
+#define CERTIFICATE_VERIFY_MAX_LENGTH 65539
+
/* Max should actually be 36 but we are generous */
#define FINISHED_MAX_LENGTH 64
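Review bot: The comment on `CERTIFICATE_VERIFY_MAX_LENGTH` cites the RFC but not the arithmetic behind 65539, which currently exists only in the commit message. I would write it as `/* Max CertificateVerify size permitted by RFC 8446: 2 (algorithm) + 2 (signature length) + 65535 (signature) */` so the value can be checked against the specification where it is defined. The server hunk uses the same constant for `TLS_ST_SR_CERT_VRFY`, which presumably is also reached under earlier protocol versions. If so, the comment should add that the value is an upper bound for those versions too.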
return CLIENT_KEY_EXCH_MAX_LENGTH;
case TLS_ST_SR_CERT_VRFY:
- return SSL3_RT_MAX_PLAIN_LENGTH;
+ return CERTIFICATE_VERIFY_MAX_LENGTH;
#ifndef OPENSSL_NO_NEXTPROTONEG
case TLS_ST_SR_NEXT_PROTO: