[Privoxy-users] Why fail to open secure connection to the client incidentally, and what's the proper cleaning strategy for the generated certificates?
Fabian Keil
fk at fabiankeil.de
Sun Mar 21 07:48:35 UTC 2021
Wen Yue <miles.wy.1 at gmail.com> wrote on 2021-03-18:
> Thanks very much for your informative && inspiring reply!
You're welcome.
> On Thu, Mar 18, 2021 at 1:47 AM Fabian Keil <fk at fabiankeil.de> wrote:
>
> > Wen Yue <miles.wy.1 at gmail.com> wrote on 2021-03-17:
> > > I re-checked these log msg today, there's nothing severe about the
> > > client connection but this one:
> > >
> > > 2021-03-16 22:36:07.730 7f45887d0700 Error: X509 PEM cert len 16694
> > > is
> > > > larger than buffer len 16383
> > > > 2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len
> > > > 16694 is larger than buffer len 16383
> > > >
> > >
> > > I've no idea what happened.
> >
> > Privoxy 3.0.32 uses buffers with a fixed size to temporarily store
> > the certificates in case the server certificate can't be validated
> > (in which case the user may want to inspect the certificates).
> >
> > The message indicates that a certificate was too large to fit
> > into the buffer and got truncated. If Privoxy was able to verify
> > the certificate sent by the web server this doesn't matter.
> >
> > I'm currently testing a patch to use dynamically allocated buffers
> > which should fix this issue.
The patch has been pushed to git master:
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff;h=85bc700695d99d5858dbaa1448251e48df9ce747
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20210321/497e058f/attachment.bin>
More information about the Privoxy-users
mailing list