cURL / Mailing Lists / curl-users / Single Mail


CURLOPT_CERTINFO truncated to 2048 chars

From: Sky (Jim Schuyler) <>
Date: Wed, 8 Oct 2014 20:58:51 -0700

I’m using php5-curl for HTTPS and use the CURLOPT_CERTINFO option to report back the certificates that are seen and the narrative of the certificate checking process.

The information returned for a cert in that flow is truncated to 2048 bytes from the start of “——BEGIN CERTIFICATE——“ to wherever the 2048 bytes end. Sometimes the ——END CERTIFICATE—— is within this range and sometimes not.

(I emphasize that the report itself may be way longer than 2048, but the cert info itself in all cases is truncated to 2048 characters before the report runs on with “*” and the next line of the report.)

Consequently I can’t actually see, save or compare the full cert that was presented by the server.

In addition, sometimes when the full certificate is shorter than 2048 bytes there will be junk at the end after the ——END CERTIFICATE—— and other times it’s cleanly ended at the actual end of the cert. The kind of junk that appears there is another story — sometimes looks like background memory and sometimes like cert info, but not from the cert that’s being checked.

I”m using libcurl 7.35 (it’s the latest I have available on a clean Ubuntu 14.04 LTS install) and have checked the email list archives going a year back but found nothing regarding this being reported or fixed. If there’s a way to use apt-get to upgrade to the current version, I can try it, but I don’t really know how to do that.

I’m also happy to go check the current code and have downloaded the source, and can wade into that next, but perhaps you know already where to look.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sky (Jim Schuyler)
—The future has arrived, and the label says “some assembly required.”

-Keeping the flame of free speech
      and human rights alive online

List admin:
Received on 2014-10-09