Hi!
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 15:03 -0500:
> On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
>
> > (So DER encoding is used, and it is allowing 128 byte long
> > length fields allowing 2^1024 [a number taking four and a half
> > line in xterm because 3
On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
> (So DER encoding is used, and it is allowing 128 byte long
> length fields allowing 2^1024 [a number taking four and a half
> line in xterm because 309 decimal digits long] bytes long value
> fields sufficient to enumerate
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 14:20 -0500:
> The limit is not (only?) an X.509 limit, rather the SSL/TLS
> record layer cannot carry messages larger than 2^14 bytes (plus
> some overhead for compression algorithms which provably need to
> be able to make some records larger in ord
On Fri, Feb 12, 2010 at 12:41:16PM +0100, Steffen DETTMER wrote:
> * Victor Duchovni wrote:
> > The SSL/TLS record layer has a maximum record size, a
> > certificate probably needs to fit into one record, so if your
> > 500+ domains generate a certificate that is larger than ~16K
> > bytes, you ma
this
> message. Thank you for your cooperation.
> P Please consider the environment before printing this e-mail
>
>
> __________
> OpenSSL Project http://www.openssl.org
> User Suppo
* Victor Duchovni wrote:
> The SSL/TLS record layer has a maximum record size, a
> certificate probably needs to fit into one record, so if your
> 500+ domains generate a certificate that is larger than ~16K
> bytes, you may be out of luck.
(I just ask for curiosity, not because I have any problem
___
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
>
--
View this message in context:
http://old.nabble.com/Subject-Alternati
On Wed, Feb 10, 2010 at 03:23:03PM -0800, rono16 wrote:
>
> I am using OpenSSL to create a self sign certificate and have a need to add
> approximately 4000, yes 4000, DNS entries (don't ask why) using Subject
> Alternative Name. I have succeeded in creating a certificate with 500 DNS
> entries
f the
sites where the certificate is installed.
I've read RFC3280 and there is no mention of a maximum for SAN entries. Has
anyone had any experience with this or do you have any ideas? Thanks for
any help.
--
View this message in context:
http://old.nabble.com/Subject-Alternative
