cisco / joy

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

src/tls.c file comment error #212

Closed Applenice closed 5 years ago

Applenice commented 5 years ago

Hello, I saw this code and comment while reading tls.c:

/*
 * The maxiumum allowed length of a serial number is 20 octets
 * according to RFC5290 section 4.1.2.2. We give some leeway
 * for any non-conforming certificates.
 */
#define MAX_CERT_SERIAL_LENGTH 24
#define MAX_HANDSHAKE_LENGTH 11000

The comment in this section mentions RFC 5290, but I reviewed RFC 5290 and found no relevant content. I checked the relevant information, which appears in RFC 5280 section 4.1.2.2:

Given the uniqueness requirements above, serial numbers can be expected to contain long integers. Certificate users MUST be able to handle serialNumber values up to 20 octets. Conforming CAs MUST NOT use serialNumber values longer than 20 octets.

Please check if the comments in this place are correct. Thank you.

bhudson33 commented 5 years ago

You are correct. The comment should say 5280, not 5290. I will correct this. Thanks!
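To illustrate the limit discussed in this thread, here is an added example (not code from joy or from either commenter) that walks a DER certificate to its serialNumber and classifies the length against the 20-octet bound of RFC 5280 section 4.1.2.2 and the 24-octet leeway in the quoted `MAX_CERT_SERIAL_LENGTH`. The names `der_header`, `check_cert_serial`, `check_sample` and `RFC5280_MAX_SERIAL` are hypothetical, the sample input is constructed, and the length is assumed to count the content octets of the DER INTEGER.

```c
#include <stddef.h>
#include <stdint.h>

#define RFC5280_MAX_SERIAL 20      /* RFC 5280 section 4.1.2.2 */
#define MAX_CERT_SERIAL_LENGTH 24  /* leeway value quoted in the issue */

enum serial_status { SERIAL_MALFORMED = -1, SERIAL_OK, SERIAL_TOLERATED, SERIAL_TOO_LONG };

/* Read one DER header at buf[*pos]; on success *pos points at the content. */
static int der_header(const uint8_t *buf, size_t len, size_t *pos, uint8_t *tag, size_t *clen) {
    size_t p = *pos, l, n;
    if (p >= len || len - p < 2) return -1;
    *tag = buf[p++];
    l = buf[p++];
    if (l & 0x80) {                      /* long form; indefinite form is not DER */
        n = l & 0x7f;
        if (n == 0 || n > 2 || len - p < n) return -1;   /* assumption: cap at 2 length octets */
        for (l = 0; n > 0; n--) l = (l << 8) | buf[p++];
    }
    if (len - p < l) return -1;          /* content must fit in the buffer */
    *pos = p; *clen = l;
    return 0;
}

/* Walk Certificate -> tbsCertificate -> optional [0] version -> serialNumber. */
enum serial_status check_cert_serial(const uint8_t *der, size_t len, size_t *serial_len) {
    size_t pos = 0, clen; uint8_t tag;
    if (der_header(der, len, &pos, &tag, &clen) || tag != 0x30) return SERIAL_MALFORMED;
    if (der_header(der, len, &pos, &tag, &clen) || tag != 0x30) return SERIAL_MALFORMED;
    if (der_header(der, len, &pos, &tag, &clen)) return SERIAL_MALFORMED;
    if (tag == 0xA0) {                   /* explicit version present: skip it */
        pos += clen;
        if (der_header(der, len, &pos, &tag, &clen)) return SERIAL_MALFORMED;
    }
    if (tag != 0x02 || clen == 0) return SERIAL_MALFORMED;   /* must be INTEGER */
    *serial_len = clen;
    if (clen <= RFC5280_MAX_SERIAL) return SERIAL_OK;
    return clen <= MAX_CERT_SERIAL_LENGTH ? SERIAL_TOLERATED : SERIAL_TOO_LONG;
}

/* Constructed sample: Certificate{ tbsCertificate{ [0]{INTEGER 2}, INTEGER serial } } only. */
enum serial_status check_sample(size_t serial_len, size_t truncate) {  /* serial_len < 100 */
    uint8_t b[128] = { 0x30, 0, 0x30, 0, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0 };
    size_t i, got = 0;
    b[1] = (uint8_t)(serial_len + 9); b[3] = (uint8_t)(serial_len + 7); b[10] = (uint8_t)serial_len;
    for (i = 0; i < serial_len; i++) b[11 + i] = 0x01;
    return check_cert_serial(b, serial_len + 11 - truncate, &got);
}

int main(void) { return check_sample(20, 0) == SERIAL_OK ? 0 : 1; }
```

Serial numbers of 21 to 24 octets are reported separately so that a monitor can record non-conforming certificates instead of silently accepting them.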