users@glassfish.java.net

Re: ssl_error_rx_malformed_cert_request with two-way ssl ...

From: <forums_at_java.net>
Date: Fri, 21 Sep 2012 17:26:32 -0500 (CDT)

The root cause is a limitation of TLS, unfortunately. It can only transport up
to 2^16-1 bytes of CA Distinguished Name information.
http://www.rfc-editor.org/rfc/rfc2246.txt section 7.4.4. SunJSSE is not
checking this when it is encoding, and is wrapping the value sent if the list
gets above 64KB, i.e. it is sending a truncated length value. It needs to
throw an exception here if it wraps. If the number of bytes read doesn't
match up with the advertised header, the peer will fail on reads.
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7200295 HTH.

--
[Message sent by forum member 'wetmore']
View Post: http://forums.java.net/node/889917
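
The length wrap described in the message above, as an added example that is not part of the original post and is not SunJSSE code: an unchecked and a checked encoder for the 2-byte-length certificate_authorities vector, plus a peer-side parser. All function names and the sample names are hypothetical and constructed; the parser assumes the field is the tail of the CertificateRequest body, so the real byte count is known.

```python
import struct

MAX_VEC16 = 2**16 - 1  # RFC 2246 7.4.4: certificate_authorities<3..2^16-1>

def _body(dns):
    # Each DistinguishedName is itself an opaque vector with a 2-byte length.
    return b"".join(struct.pack("!H", len(dn)) + dn for dn in dns)

def encode_wrapping(dns):
    """Unchecked encoder: keeps only the low 16 bits of the total length."""
    body = _body(dns)
    return struct.pack("!H", len(body) & 0xFFFF) + body

def encode_checked(dns):
    """Checked encoder: fails instead of emitting a wrapped length."""
    body = _body(dns)
    if len(body) > MAX_VEC16:
        raise ValueError(f"CA list is {len(body)} bytes, limit is {MAX_VEC16}")
    return struct.pack("!H", len(body)) + body

def advertised_length(field):
    return struct.unpack_from("!H", field, 0)[0]

def parse(field):
    """Peer side: the advertised length must match the bytes that follow."""
    body = field[2:]
    if advertised_length(field) != len(body):
        raise ValueError("malformed certificate_authorities length")
    dns, off = [], 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated DistinguishedName header")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if off + n > len(body):
            raise ValueError("DistinguishedName overruns the list")
        dns.append(body[off:off + n])
        off += n
    return dns

# Constructed input: 700 placeholder 100-byte names (not real DER), 71400 bytes encoded.
SAMPLE_DNS = [b"\x30" * 100] * 700

if __name__ == "__main__":
    wire = encode_wrapping(SAMPLE_DNS)
    print("real body:", len(wire) - 2, "advertised:", advertised_length(wire))
    for label, fn, arg in (("peer parse", parse, wire), ("checked encode", encode_checked, SAMPLE_DNS)):
        try:
            fn(arg)
        except ValueError as exc:
            print(label, "->", exc)
```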