openssl: openssl incorrect allowed maximum domain length

An error occurs when trying to get a CSR request for an SSL certificate:

ASN1_mbstring_ncopy:string too long:crypto/asn1/a_mbstr.c:109:maxsize=64

Domain name: the-very-long-domain-name-in-the-internet-for-generate-csr-strg.uz

The length of this domain, given the zone, is 66 characters, and without zone 63. If you reduce the length of the domain by two characters, the error does not occur. For example: the-very-long-domain-name-in-the-internet-for-generate-csr-st.uz

Please support longer domain names or consider the length without a zone.

About this issue

  • Original URL
  • State: open
  • Created 6 years ago
  • Comments: 15 (14 by maintainers)

Most upvoted comments

Oops. Sorry, it was a hard day… #9654

+1
beldmit on Apr 15, 2020

RFC 5280 is irrelevant here. RFC 3280 is. At the end of Appendix A, you can find a slew of sizes, among others this:

ub-common-name INTEGER ::= 64

That’s why I asked how the domain name was being used, a couple of years ago

+1
levitte on Apr 15, 2020
Read more comments on GitHub
← openssl: `openssl help` doesn't list all algorithm.
openssl: OpenSSL legacy provider failed to load →