Windows PowerShell command on Get-command SSL_set_max_cert_list
MyWebUniversity

Manual Pages for UNIX Operating System command usage for man SSL_set_max_cert_list




OpenSSL                       SSL_CTX_set_max_cert_list(3openssl)




NNNNAAAAMMMMEEEE

     SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list,

     SSL_set_max_cert_list, SSL_get_max_cert_list, - manipulate

     allowed for the peer's certificate chain

SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS

      #include 



      long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);

      long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);



      long SSL_set_max_cert_list(SSL *ssl, long size);

      long SSL_get_max_cert_list(SSL *ctx);



DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN

     SSL_CTX_set_max_cert_list() sets the maximum size allowed

     for the peer's certificate chain for all SSL objects created
     from ccccttttxxxx to be  bytes.  The SSL objects inherit the

     setting valid for ccccttttxxxx at the time SSL_new(3) is being

     called.


     SSL_CTX_get_max_cert_list() returns the currently set

     maximum size for ccccttttxxxx.


     SSL_set_max_cert_list() sets the maximum size allowed for

     the peer's certificate chain for ssssssssllll to be  bytes.
     This setting stays valid until a new value is set.


     SSL_get_max_cert_list() returns the currently set maximum

     size for ssssssssllll.

NNNNOOOOTTTTEEEESSSS
     During the handshake process, the peer may send a

     certificate chain.  The TLS/SSL standard does not give any
     maximum size of the certificate chain.  The OpenSSL library
     handles incoming data by a dynamically allocated buffer.  In
     order to prevent this buffer from growing without bounds due
     to data received from a faulty or malicious peer, a maximum
     size for the certificate chain is set.

     The default value for the maximum certificate chain size is
     100kB (30kB on the 16bit DOS platform). This should be
     sufficient for usual certificate chains (OpenSSL's default

     maximum chain length is 10, see SSL_CTX_set_verify(3), and

     certificates without special extensions have a typical size

     of 1-2kB).


     For special applications it can be necessary to extend the
     maximum certificate chain size allowed to be sent by the
     peer, see e.g. the work on "Internet X.509 Public Key
     Infrastructure Proxy Certificate Profile" and "TLS




11/Sep/2001            Last change: 0.9.8o                      1







OpenSSL                       SSL_CTX_set_max_cert_list(3openssl)




     Delegation Protocol" at http://www.ietf.org/ and
     http://www.globus.org/ .

     Under normal conditions it should never be necessary to set
     a value smaller than the default, as the buffer is handled
     dynamically and only uses the memory actually required by
     the data sent by the peer.

     If the maximum certificate chain size allowed is exceeded,

     the handshake will fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE

     error.

RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSS

     SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list()

     return the previously set value.


     SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list()

     return the currently set value.

SSSSEEEEEEEE AAAALLLLSSSSOOOO

     ssl(3), SSL_new(3), SSL_CTX_set_verify(3)


HHHHIIIISSSSTTTTOOOORRRRYYYY

     SSL*_set/get_max_cert_list() have been introduced in OpenSSL

     0.9.7.































11/Sep/2001            Last change: 0.9.8o                      2



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™