From 59e68615ce2f47fa7e62733ad0822c5f180c25c6 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 5 Jan 2012 00:28:43 +0000
Subject: [PATCH] PR: 2671 Submitted by: steve

Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
---
 ssl/s3_srvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7266b82a16..53b351566c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2921,7 +2921,7 @@ int ssl3_get_cert_verify(SSL *s)
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		514, /* 514? */
+		516, /* Enough for 4096 bit RSA key with TLS v1.2 */
 		&ok);
 
 	if (!ok) return((int)n);
-- 
GitLab