don't know if this warrants a patch.

it seems I need to relax reporting this length
error to be able to make it through the handshake.

might be just a bug in the implementation I'm
trying to handshake with (still, I have to work
around it to make it through the handshake...),
or there is something else happening -- if so,
I missed it - ignoring this check makes it work:
the length fields of the individual DistinguishedName
(cas) read in the while loop are correct in this case.

Axel.