Bug 1493075

Summary: Unable to load large CRL openssl problem
Product: [JBoss] JBoss Enterprise Web Server 2 Reporter: George Zaronikas <gzaronik>
Component: opensslAssignee: George Zaronikas <gzaronik>
Status: CLOSED ERRATA QA Contact: Michal Karm Babacek <mbabacek>
Severity: high Docs Contact:
Priority: high    
Version: 2.1.1CC: csutherl, preichl, twalsh
Target Milestone: CR01   
Target Release: 2.1.2-Bundle 2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
CRL checking of very large CRLs fails with OpenSSL 1.0.2
 Story Points: ---
Clone Of:
: 1508880 (view as bug list) Environment:
Last Closed: 2017-11-02 19:05:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1508880, 1509003    

Description George Zaronikas 2017-09-19 10:14:41 UTC 
Originally cloned from JBCS-329 

Customer is seeing the following issue on very large CRLs > 1MB and bigger

unable to load CRL

8592:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too long:.\crypto\asn1\x_name.c:203:

8592:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO

8592:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:697:Field=crl, Type=X509_CRL
Comment 4 errata-xmlrpc 2017-11-02 19:05:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3114