diff options
| author | Alexandr Nedvedicky <sashan@openssl.org> | 2024-03-08 11:21:18 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-03-12 19:35:41 +0100 |
| commit | 7f8aba2f44e9ca65b8a95987fa6c46020e1bdd6d (patch) | |
| tree | 5647518eee7a0d5b854f42d78bfab5ab3535219c /CHANGES.md | |
| parent | Add check for xor_get_aid() (diff) | |
| download | openssl-7f8aba2f44e9ca65b8a95987fa6c46020e1bdd6d.tar.xz openssl-7f8aba2f44e9ca65b8a95987fa6c46020e1bdd6d.zip | |
Limit the number of http headers when receiving the http response
Change introduces a default limit on HTTP headers we expect to receive
from server to 256. If limit is exceeded http client library indicates
HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use
OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default.
Setting limit to 0 implies no limit (current behavior).
Fixes #22264
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23781)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index ac6b7525bf..ddb2ba56a2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -155,6 +155,14 @@ OpenSSL 3.3 *Hugo Landau* + * New limit on HTTP response headers is introduced to HTTP client. The + default limit is set to 256 header lines. If limit is exceeded the + response processing stops with error HTTP_R_RESPONSE_TOO_MANY_HDRLINES. + Application may call OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(3) + to change the default. Setting the value to 0 disables the limit. + + *Alexandr Nedvedicky* + OpenSSL 3.2 ----------- |