Increase limit for CRL download

beldmit · Oct 4, 2024 · 8169dac · 8169dac
1 parent 58c68a5
commit 8169dac
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
@@ -116,11 +116,13 @@ static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
                                    int timeout, const ASN1_ITEM *it)
 {
 #ifndef OPENSSL_NO_HTTP
+    size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ?
+        OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN;
     BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
                              bio, rbio, NULL /* cb */, NULL /* arg */,
                              1024 /* buf_size */, NULL /* headers */,
                              NULL /* expected_ct */, 1 /* expect_asn1 */,
-                             OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
+                             max_resp_len, timeout);
     ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
 
     BIO_free(mem);

diff --git a/include/openssl/http.h b/include/openssl/http.h
@@ -35,9 +35,10 @@ extern "C" {
 
 # ifndef OPENSSL_NO_HTTP
 
-#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
-#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
+#  define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
+#  define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
+#  define OSSL_HTTP_DEFAULT_MAX_CRL_LEN (32 * 1024 * 1024)
+#  define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256
 
 
 /* Low-level HTTP API */