Topic: How to change value of constants without breaking everything?

I need the commonName buffer to be bigger (some subdomain names can get quite large). When I either adjust the array size constant directly or alter the CTC_NAME_SIZE value, the resulting certificate gets all misaligned and basically doesn't work.

To save me reading through all the source code to connect the dots, which data do I need to change to do this?

enum Ctc_Misc {
    CTC_NAME_SIZE    =   64,
    CTC_DATE_SIZE    =   32,
    CTC_MAX_ALT_SIZE = 8192,    /* may be huge */
    CTC_SERIAL_SIZE  =    8
};

Share

Re: How to change value of constants without breaking everything?

Hi Philhippus,

Can you let me know what domain you are using that is longer than 64 characters?  The X.509 RFC (http://tools.ietf.org/html/rfc5280) states that the upper bound of the commonName field should be 64 characters:

--  specifications of Upper Bounds MUST be regarded as mandatory
--  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
--  Upper Bounds

-- Upper Bounds
...
...
ub-common-name-length INTEGER ::= 64

Thanks,
Chris

Re: How to change value of constants without breaking everything?

Hi Chris,

https://p5-iaztwlcygct3i-f3lphbry6go6wo … exp3/6.gif caused my SSL filter to crash because I generate individual certificates for the full hostname.

My workaround is to tunnel >64 char hosts, which suits my purposes. Would this situation normally be solved by chaining?

Cheers,
P

Share