Skip to content

[libcurl] certificate field get truncated #4837

New issue
New issue
Closed
Closed
[libcurl] certificate field get truncated#4837
Labels
TLS
@bmfp

Description

@bmfp
bmfp
opened on Jan 21, 2020

TL;DR
When using libcurl, at least "X509v3 Subject Alternative Name" field gets truncated after 512 characters, I didn't observe/test it on other fields

I did this

I expected the following

  • with certinfo.c, show all SAN items, but got :
X509v3 Subject Alternative Name:DNS:consent.oath.com,DNS:consent.yahoo.com,DNS:guce.verizonmedia.com,DNS:guce2.oath.com,DNS:guce.alephd.com,DNS:guce.aol.ca,DNS:guce.aol.co.uk,DNS:guce.huffingtonpost.co.uk,DNS:guce.huffingtonpost.co.za,DNS:guce.huffingtonpost.com.au,DNS:guce.huffingtonpost.com.mx,DNS:guce.huffingtonpost.de,DNS:guce.huffingtonpost.es,DNS:guce.huffingtonpost.fr,DNS:guce.huffingtonpost.gr,DNS:guce.huffingtonpost.in,DNS:guce.huffingtonpost.it,DNS:guce.huffingtonpost.jp,DNS:guce.huffingtonpost.kr,DNS:guce.huffpost.com,DNS:guce
  • with 2nd test, show that certificate is valid : this one is ok
    subjectAltName: host "guce.nexage.com" matched cert's "guce.nexage.com"

curl/libcurl version

ii  curl                                            7.58.0-2ubuntu3.8                                   amd64        command line tool for transferring data with URL syntax
ii  libcurl3-gnutls:amd64                           7.58.0-2ubuntu3.8                                   amd64        easy-to-use client-side URL transfer library (GnuTLS flavour)
ii  libcurl4:amd64                                  7.58.0-2ubuntu3.8                                   amd64        easy-to-use client-side URL transfer library (OpenSSL flavour)
ii  libcurl4-openssl-dev:amd64                      7.58.0-2ubuntu3.8                                   amd64        development files and documentation for libcurl (OpenSSL flavour)

[curl -V output]

curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

operating system

uname -a
Linux r01 5.3.0-26-generic #28~18.04.1-Ubuntu SMP Wed Dec 18 16:40:14 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Activity

bagder
added
TLS
on Jan 22, 2020
bagder

bagder commented on Jan 22, 2020

@bagder
bagder
on Jan 22, 2020
Member

Your -V shows your curl uses OpenSSL, so that list item libcurl3-gnutls:amd64 is probably not relevant here.

bagder
added a commit that references this issue on Jan 22, 2020

openssl: make CURLINFO_CERTINFO not truncate x509v3 fields

5e30b05
bagder
mentioned this on Jan 22, 2020
bmfp

bmfp commented on Jan 22, 2020

@bmfp
bmfp
on Jan 22, 2020
Author

@bagder you're right !
the versions were only extracted with dpkg -l | grep curl

bagder
closed this as completedin 3ecdfb1on Jan 23, 2020
lock
locked as resolved and limited conversation to collaborators on Apr 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    TLS

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @bagder@bmfp

      Issue actions
        [libcurl] certificate field get truncated · Issue #4837 · curl/curl