Bug ID 1316277: Large CRL files may only be partially uploaded

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Fixed In:
17.1.1, 16.1.4.2, 15.1.10.3

Opened: Jul 04, 2023

Severity: 3-Major

Related Article: K000137796

Symptoms

When updating a large CRL file in BIG-IP using tmsh, the file may only be partially read due to internal memory allocation failure. Please note that the size of the CRL file causing this issue varies across hardware types, network bandwidth and usage, and system resources.

Impact

When a large CRL file is attached to a profile, an update may indicate success when only a partial upload has occurred. Connections to a VIP with this profile may have unexpected results, such as a certificate not being blocked as expected.

Conditions

1. Using tmsh, a large CRL file is updated to an existing CRL.
2. This large CRL file is attached to multiple profiles.
3. The system is under heavy load.

Workaround

A large CRL file can be divided into smaller chunks and loaded into multiple profiles.

Fix Information

If an error occurs during CRL upload or update, the profiles containing this partial CRL file will be invalidated and further connections to the VIP will be terminated.

An error will be logged to /var/log/ltm whenever a CRL file read operation fails due to memory allocation. The log received will look like:

01260028:2: Profile <profile name> - cannot load <CRL file location> CRL file error: unable to load large CRL file - try chunking it to multiple files.
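On a fixed version, the message above is the signal that a profile has been invalidated by a failed CRL load. The following is an added example, not F5 code: a Python parser that reports which profiles logged message 01260028 and for which CRL file. The syslog prefix, host, profile names and CRL paths in the sample are constructed, and the function and variable names are hypothetical.

```python
import re
import sys
from collections import defaultdict

# Message text as given under Fix Information; the syslog prefix in front of
# it (timestamp, host, process) is deliberately not matched.
CRL_LOAD_FAILURE = re.compile(
    r"01260028:\d+: Profile (?P<profile>.+?) - cannot load "
    r"(?P<crl>.+?) CRL file error: "
)

# Constructed sample lines: prefix, profile names and paths are invented.
_MSG = "CRL file error: unable to load large CRL file - try chunking it to multiple files."
SAMPLE_LOG = [
    f"Jun  3 02:14:07 bigip1 err tmm[11234]: 01260028:2: Profile /Common/clientssl_partners - cannot load /config/example/partners.crl {_MSG}",
    f"Jun  3 02:14:07 bigip1 err tmm1[11234]: 01260028:2: Profile /Common/clientssl_partners - cannot load /config/example/partners.crl {_MSG}",
    "Jun  3 02:14:09 bigip1 notice constructed unrelated line",
    f"Jun  3 02:15:30 bigip1 err tmm[11234]: 01260028:2: Profile /Common/clientssl_vpn - cannot load /config/example/vpn.crl {_MSG}",
]

def find_crl_load_failures(lines):
    """Return {profile: {"crl_files": set of paths, "count": int}}."""
    hits = defaultdict(lambda: {"crl_files": set(), "count": 0})
    for line in lines:
        m = CRL_LOAD_FAILURE.search(line)
        if m:
            entry = hits[m.group("profile")]
            entry["crl_files"].add(m.group("crl"))
            entry["count"] += 1
    return dict(hits)

def main(path=None):
    """Scan the given log file (e.g. /var/log/ltm) or the constructed sample."""
    if path:
        with open(path, errors="replace") as fh:
            failures = find_crl_load_failures(fh)
    else:
        failures = find_crl_load_failures(SAMPLE_LOG)
    for profile, info in sorted(failures.items()):
        crls = ", ".join(sorted(info["crl_files"]))
        print(f"{profile}: {info['count']} failed load(s) of {crls}")
    # Non-zero exit lets a monitoring job alert on invalidated profiles.
    return 1 if failures else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```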

Behavior Change
