JDK-7200295

CertificateRequest message is wrapping when using large numbers of Certs

    Details

    • Subcomponent:
    • Resolved In Build:
      b61
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

        Description

        http://www.java.net/forum/topic/glassfish/glassfish/sslerrorrxmalformedcertrequest-two-way-ssl-authentication

        In Glassfish 3.1.1 I have two-way SSL authentication and cacerts.jks has 498 certificates now. When I have 516 entries (size 487KB) the server starts, but when I try to connect it raises:

            "Secure Connection Failed SSL received a malformed Certificate

        I think the user is also seeing in OpenSSL:

            ssl_error_rx_malformed_cert_request

        I tried to increase the allocated memory" the same result. The only way to make it to run is to delete one certificate.

        This is probably because there is a hardcoded limit in the protocol: the CertificateRequest message must specify the DNs of the accepted CAs. These DNs, all together, can occupy at most 2^16-1 = 65535 bytes, so if there are too many CAs, this limit can be encountered.

        For reference, this is paragraph 7.4.4 of RFC 2246. It describes TLS 1.0, but there is little significant difference between TLS and SSL for what interests us.
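
        One way to check a truststore against this limit, added here as an example (not code from the JDK or from this report): it sums the size of the certificate_authorities vector described in RFC 2246 section 7.4.4, assuming the server advertises the subject DN of every trusted certificate. The class name and the fallback sample DNs are constructed for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class CertRequestSizeCheck {
    // certificate_authorities is a vector whose byte length is a 16-bit field.
    static final int MAX_VECTOR_BYTES = 0xFFFF;

    // Each entry is a DER-encoded Name preceded by its own 2-byte length.
    static int authoritiesVectorLength(List<X500Principal> issuers) {
        int total = 0;
        for (X500Principal dn : issuers) total += 2 + dn.getEncoded().length;
        return total;
    }

    // Assumption: the subject DN of each trusted certificate entry is advertised.
    static List<X500Principal> issuersOf(KeyStore ks) throws Exception {
        List<X500Principal> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias) && ks.getCertificate(alias) instanceof X509Certificate) {
                out.add(((X509Certificate) ks.getCertificate(alias)).getSubjectX500Principal());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        List<X500Principal> issuers = new ArrayList<>();
        if (args.length == 2) { // arguments: <truststore path> <password>
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            issuers = issuersOf(ks);
        } else { // constructed sample DNs, not taken from the report
            for (int i = 0; i < 700; i++) {
                issuers.add(new X500Principal("CN=Constructed Test CA " + i
                        + ", OU=Trust Services, O=Example Corp, C=US"));
            }
        }
        int len = authoritiesVectorLength(issuers);
        System.out.printf("%d CAs -> certificate_authorities is %d bytes (limit %d)%n",
                issuers.size(), len, MAX_VECTOR_BYTES);
        if (len > MAX_VECTOR_BYTES) {
            System.out.printf("Over the limit; a 16-bit length field would hold %d%n", len & 0xFFFF);
        }
    }
}
```

        Run it with a truststore path and password to measure a real cacerts.jks; with no arguments it uses the constructed DNs. Because the limit is on encoded bytes, the number of CAs that fit depends on how long their DNs are.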

                People

                • Assignee:
                  xuelei Xue-Lei Fan
                  Reporter:
                  wetmore Bradford Wetmore