Bug 1493075 - Unable to load large CRL openssl problem
Summary: Unable to load large CRL openssl problem
Status: CLOSED ERRATA
Alias: None
Product: JBoss Enterprise Web Server 2
Classification: JBoss
Component: openssl
Version: 2.1.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: CR01
: 2.1.2-Bundle 2
Assignee: George Zaronikas
QA Contact: Michal Karm Babacek
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1508880 1509003
TreeView+ depends on / blocked
 
Reported: 2017-09-19 10:14 UTC by George Zaronikas
Modified: 2017-11-02 19:05 UTC (History)
3 users (show)

(edit)
CRL checking of very large CRLs fails with OpenSSL 1.0.2
Clone Of:
: 1508880 (view as bug list)
(edit)
Last Closed: 2017-11-02 19:05:06 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker JBCS-329 Critical Closed Unable to load large CRL openssl problem 2018-02-09 16:50 UTC
Red Hat Product Errata RHSA-2017:3113 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server security and bug fix update 2017-11-02 23:15:44 UTC
Red Hat Product Errata RHSA-2017:3114 normal SHIPPED_LIVE Important: Red Hat JBoss Web Server security and bug fix update 2017-11-02 23:04:48 UTC

Description George Zaronikas 2017-09-19 10:14:41 UTC
Originally cloned from JBCS-329 

Customer is seeing the following issue on very large CRLs > 1MB and bigger

unable to load CRL

8592:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too long:.\crypto\asn1\x_name.c:203:

8592:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO

8592:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:697:Field=crl, Type=X509_CRL

Comment 4 errata-xmlrpc 2017-11-02 19:05:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3114


Note You need to log in before you can comment on or make changes to this bug.