curl-users

Re: CURLOPT_CERTINFO truncated to 2048 chars

From: Sky (Jim Schuyler) <sky_at_cyberspark.net>
Date: Thu, 9 Oct 2014 10:18:29 -0700

Yes, I will put a live example online shortly. Let me point out I’m using php5-curl, which I believe uses libcurl, but I should verify this with you before I go run more tests. Don’t want to waste your time if I’m not even using the libcurl 7.35 that I think I am. (If I didn’t say it, thank you for this great package.)

I do understand that php5-curl is a wrapper and that it might be doing something with the analysis. And I don’t know for sure that the analysis comes from libcurl, so please let me know if I’m climbing the wrong tree.

dog@sydney:~# apt-cache madison php5-curl
 php5-curl | 5.5.9+dfsg-1ubuntu4.4 | http://mirror.rackspace.com/ubuntu/ trusty-updates/main amd64 Packages
 php5-curl | 5.5.9+dfsg-1ubuntu4.4 | http://mirror.rackspace.com/ubuntu/ trusty-security/main amd64 Packages
 php5-curl | 5.5.9+dfsg-1ubuntu4 | http://mirror.rackspace.com/ubuntu/ trusty/main amd64 Packages
      php5 | 5.5.9+dfsg-1ubuntu4 | http://mirror.rackspace.com/ubuntu/ trusty/main Sources
      php5 | 5.5.9+dfsg-1ubuntu4.4 | http://mirror.rackspace.com/ubuntu/ trusty-updates/main Sources
      php5 | 5.5.9+dfsg-1ubuntu4.4 | http://mirror.rackspace.com/ubuntu/ trusty-security/main Sources
dog@sydney:~# apt-cache madison curl
      curl | 7.35.0-1ubuntu2.1 | http://mirror.rackspace.com/ubuntu/ trusty-updates/main amd64 Packages
      curl | 7.35.0-1ubuntu2.1 | http://mirror.rackspace.com/ubuntu/ trusty-security/main amd64 Packages
      curl | 7.35.0-1ubuntu2 | http://mirror.rackspace.com/ubuntu/ trusty/main amd64 Packages
      curl | 7.35.0-1ubuntu2 | http://mirror.rackspace.com/ubuntu/ trusty/main Sources
      curl | 7.35.0-1ubuntu2.1 | http://mirror.rackspace.com/ubuntu/ trusty-updates/main Sources
      curl | 7.35.0-1ubuntu2.1 | http://mirror.rackspace.com/ubuntu/ trusty-security/main Sources

Also my code reports the current versions (from curl info) this way:
OK [ssl] Verify SSL/HTTPS on au.yahoo.com using php5_curl '7.35.0' with OpenSSL 'OpenSSL/1.0.1f'

To start the process, I will include one “narrative” that I got when hitting https://au.yahoo.com/?p=en yesterday.

The certificate beginning
MIIIdzCCB1+gAwIBAgIQTusxCWM5To6gTnCcqR3NpjANBgkqhkiG9w0BAQUFADCB
is longer than 2048 bytes.

The certificate beginning
MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf
is shorter than 2048 and appears in full.

The code that produces it is:

    if ($tf = tmpfile()) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'https://au.yahoo.com/?p=en');
        curl_setopt($ch, CURLOPT_STDERR, $tf);      // verbose output is written to the temp file
        curl_setopt($ch, CURLOPT_CERTINFO, 1);
        curl_setopt($ch, CURLOPT_VERBOSE, true);
        curl_setopt($ch, CURLOPT_HEADER, false);
        curl_setopt($ch, CURLOPT_NOBODY, 1);        // HEAD request, no body
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSLVERSION, 3);    // 3 is CURL_SSLVERSION_SSLv3
        $curlResult = curl_exec($ch);
        fseek($tf, 0); // rewind
        // Get the full analysis that was returned from the SSL connection
        // Note there is an absolute maximum size of 100000 used on the overall report.
        $s = fread($tf, 100000);
        if ($s !== false) {
            echo $s;
        }
        fclose($tf);
        curl_close($ch);
    }

The result is below. If you look for a '-----BEGIN CERTIFICATE-----' and then scrape from the start of that string through the following “*” (continuation of the output of the analysis) and paste it somewhere that can count the length, you’ll find it’s exactly 2048 characters long and in the case of one cert does not contain an '-----END CERTIFICATE-----' because the cert is longer than 2048.

* Rebuilt URL to: https://au.yahoo.com/
* Hostname was found in DNS cache
* Trying 206.190.36.45...
* Connected to au.yahoo.com (206.190.36.45) port 443 (#3)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES128-SHA
* --- Certificate chain
* 0 Subject: C=US; ST=California; L=Sunnyvale; O=Yahoo Inc.; OU=Information Technology; CN=www.yahoo.com
* Issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
* Version: 3 (0x2)
* Serial Number:
* Signature Algorithm: sha1WithRSAEncryption
* Start date: 2014-09-24 00:00:00 GMT
* Expire date: 2015-09-25 23:59:59 GMT
* Public Key Algorithm: rsaEncryption
* RSA Public Key (2048 bits)
* rsa(n): cb:b3:cf:6d:6f:6b:23:6e:eb:b0:8f:0a:ad:aa:98:ba:1a:d9:26:1e:88:52:32:71:63:c9:79:c4:82:2e:c8:22:b4:cd:2f:04:9f:95:2d:83:a9:52:22:07:24:00:42:ee:18:17:07:46:29:73:18:97:c5:b8:69:06:78:22:70:22:d0:13:4a:11:86:2b:53:9a:49:69:c5:a2:77:b4:2b:3b:f1:75:f9:a4:83:8d:3e:8e:65:fb:17:a0:ac:14:7d:87:ed:d4:a6:5c:99:b7:c8:f4:de:a0:6a:13:d9:33:41:27:6a:71:54:cf:c2:49:d4:c6:8b:1e:2c:3b:f3:1d:bc:da:bb:11:c1:fe:06:62:9c:3b:2b:bf:8d:43:cb:7b:7b:51:4f:9f:f4:1f:d2:99:6f:a1:24:9b:64:65:5f:2c:d0:95:ad:98:b6:6a:02:24:3f:c7:f3:ad:3f:47:b1:57:bf:dd:a0:c2:ed:dd:a4:e1:a3:74:24:1b:73:5f:a7:8e:8b:09:10:bc:ea:a6:26:aa:3c:57:73:e4:6a:d6:53:6f:9c:aa:f8:f8:9b:bf:22:f6:72:d5:9f:fe:e0:e2:a3:38:8f:b7:d2:ad:91:22:82:36:c1:e6:ae:83:64:6e:07:16:80:f7:59:c4:4d:f4:f4:5e:c8:de:4d:6b:e6:b5:30:ea:8f:0f:
* rsa(e): 01:00:01:
* X509v3 Subject Alternative Name:
* DNS:www.yahoo.com,DNS:yahoo.com,DNS:hsrd.yahoo.com,DNS:us.yahoo.com,DNS:fr.yahoo.com,DNS:uk.yahoo.com,DNS:za.yahoo.com,DNS:ie.yahoo.com,DNS:it.yahoo.com,DNS:es.yahoo.com,DNS:de.yahoo.com,DNS:ca.yahoo.com,DNS:qc.yahoo.com,DNS:br.yahoo.com,DNS:ro.yahoo.com,DNS:se.yahoo.com,DNS:be.yahoo.com,DNS:fr-be.yahoo.com,DNS:ar.yahoo.com,DNS:mx.yahoo.com,DNS:cl.yahoo.com,DNS:co.yahoo.com,DNS:ve.yahoo.com,DNS:espanol.yahoo.com,DNS:pe.yahoo.com,DNS:in.yahoo.com,DNS:sg.yahoo.com,DNS:id.yahoo.com,DNS:malaysia.yahoo.com,DNS:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage: (critical)
* DigitalSignature,KeyEncipherment
* X509v3 Extended Key Usage:
* TLSWebServerAuthentication,TLSWebClientAuthentication
* X509v3 Certificate Policies:
* Policy:2.16.840.1.113733.1.7.54, CPS:https://d.symcb.com/cps, UserNotice:, ExplicitText:https://d.symcb.com/rpa
* X509v3 Authority Key Identifier:
* keyid:0D:44:5C:16:53:44:C1:82:7E:1D:20:AB:25:F4:01:63:D8:BE:79:A5
* X509v3 CRL Distribution Points:
* , FullName:, URI:http://sd.symcb.com/sd.crl
* Authority Information Access:
* OCSP-URI:http://sd.symcd.com, CAIssuers-URI:http://sd.symcb.com/sd.crt
* Signature: 8d:ab:7a:6a:9e:dc:ca:64:5b:10:11:43:d6:45:06:17:6b:32:e7:43:ed:96:68:7d:61:98:c4:76:97:06:79:ab:1c:ee:f4:ac:67:97:34:88:63:90:62:4c:12:e4:9c:b1:eb:aa:38:11:e9:8a:d2:14:f9:07:cd:6d:ee:b4:05:ce:cd:65:d0:72:69:39:00:fa:3b:3a:3b:06:de:3b:7e:82:c1:69:31:bc:e4:09:7c:f8:b3:ff:9e:d4:a2:40:17:42:68:c0:bf:91:0b:ac:c6:ee:dc:91:33:85:e0:e4:43:f2:d8:b3:5d:a4:33:f7:c0:e8:49:26:cf:3d:a6:3f:c0:40:78:0d:62:0d:aa:10:37:be:3f:20:db:be:ea:ed:99:1d:cd:b6:75:23:03:13:c8:4d:86:c5:c5:bd:fe:d5:ad:3c:5a:2d:5c:c9:72:6a:b5:f7:de:1c:41:a8:f8:a7:20:87:5b:67:00:07:2c:48:4e:22:b3:28:19:88:a0:e9:a5:11:c5:f7:29:18:29:18:51:a9:95:ab:21:8b:9e:96:c5:30:15:6f:ae:55:31:07:1c:2c:3a:f9:75:d7:66:8b:b2:fd:47:fe:f3:ea:9e:e2:cd:e2:92:d0:23:83:ce:af:04:b6:14:51:5e:63:65:da:d4:f7:28:82:9c:82:31:15:bc:29:
* -----BEGIN CERTIFICATE-----
* 1 Subject: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
* Issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 2006 VeriSign, Inc. - For authorized use only; CN=VeriSign Class 3 Public Primary Certification Authority - G5
* Version: 3 (0x2)
* Serial Number:
* Signature Algorithm: sha1WithRSAEncryption
* Start date: 2010-02-08 00:00:00 GMT
* Expire date: 2020-02-07 23:59:59 GMT
* Public Key Algorithm: rsaEncryption
* RSA Public Key (2048 bits)
* rsa(n): b1:87:84:1f:c2:0c:45:f5:bc:ab:25:97:a7:ad:a2:3e:9c:ba:f6:c1:39:b8:8b:ca:c2:ac:56:c6:e5:bb:65:8e:44:4f:4d:ce:6f:ed:09:4a:d4:af:4e:10:9c:68:8b:2e:95:7b:89:9b:13:ca:e2:34:34:c1:f3:5b:f3:49:7b:62:83:48:81:74:d1:88:78:6c:02:53:f9:bc:7f:43:26:57:58:33:83:3b:33:0a:17:b0:d0:4e:91:24:ad:86:7d:64:12:dc:74:4a:34:a1:1d:0a:ea:96:1d:0b:15:fc:a3:4b:3b:ce:63:88:d0:f8:2d:0c:94:86:10:ca:b6:9a:3d:ca:eb:37:9c:00:48:35:86:29:50:78:e8:45:63:cd:19:41:4f:f5:95:ec:7b:98:d4:c4:71:b3:50:be:28:b3:8f:a0:b9:53:9c:f5:ca:2c:23:a9:fd:14:06:e8:18:b4:9a:e8:3c:6e:81:fd:e4:cd:35:36:b3:51:d3:69:ec:12:ba:56:6e:6f:9b:57:c5:8b:14:e7:0e:c7:9c:ed:4a:54:6a:c9:4d:c5:bf:11:b1:ae:1c:67:81:cb:44:55:33:99:7f:24:9b:3f:53:45:7f:86:1a:f3:3c:fa:6d:7f:81:f5:b8:4a:d3:f5:85:37:1c:b5:a6:d0:09:e4:18:7b:38:4e:fa:0f:
* rsa(e): 01:00:01:
* Authority Information Access:
* OCSP-URI:http://ocsp.verisign.com
* X509v3 Basic Constraints: (critical)
* CA:TRUE,pathlen:0
* X509v3 Certificate Policies:
* Policy:2.16.840.1.113733.1.7.23.3, CPS:https://www.verisign.com/cps, UserNotice:, ExplicitText:https://www.verisign.com/rpa
* X509v3 CRL Distribution Points:
* , FullName:, URI:http://crl.verisign.com/pca3-g5.crl
* X509v3 Key Usage: (critical)
* CertificateSign,CRLSign
* 1.3.6.1.5.5.7.1.12:
* 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
* X509v3 Subject Alternative Name:
* DirName:/CN=VeriSignMPKI-2-6
* X509v3 Subject Key Identifier:
* 0D:44:5C:16:53:44:C1:82:7E:1D:20:AB:25:F4:01:63:D8:BE:79:A5
* X509v3 Authority Key Identifier:
* keyid:7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33
* Signature: 0c:83:24:ef:dd:c3:0c:d9:58:9c:fe:36:b6:eb:8a:80:4b:d1:a3:f7:9d:f3:cc:53:ef:82:9e:a3:a1:e6:97:c1:58:9d:75:6c:e0:1d:1b:4c:fa:d1:c1:2d:05:c0:ea:6e:b2:22:70:55:d9:20:33:40:33:07:c2:65:83:fa:8f:43:37:9b:ea:0e:9a:6c:70:ee:f6:9c:80:3b:d9:37:f4:7a:6d:ec:d0:18:7d:49:4a:ca:99:c7:19:28:a2:be:d8:77:24:f7:85:26:86:6d:87:05:40:41:67:d1:27:3a:ed:dc:48:1d:22:cd:0b:0b:8b:bc:f4:b1:7b:fd:b4:99:a8:e9:76:2a:e1:1a:2d:87:6e:74:d3:88:dd:1e:22:c6:df:16:b6:2b:82:14:0a:94:5c:f2:50:ec:af:ce:ff:62:37:0d:ad:65:d3:06:41:53:ed:02:14:c8:b5:58:28:a1:ac:e0:5b:ec:b3:7f:95:4a:fb:03:c8:ad:26:db:e6:66:78:12:4a:d9:9f:42:fb:e1:98:e6:42:83:9b:8f:8f:67:24:e8:61:19:b5:dd:cd:b5:0b:26:05:8e:c3:6e:c4:c8:75:b8:46:cf:e2:18:06:5e:a9:ae:a8:81:9a:47:16:de:0c:28:6c:25:27:b9:de:b7:84:58:c6:1f:38:1e:a4:c4:cb:66:
* -----BEGIN CERTIFICATE-----
* 2 Subject: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=(c) 2006 VeriSign, Inc. - For authorized use only; CN=VeriSign Class 3 Public Primary Certification Authority - G5
* Issuer: C=US; O=VeriSign, Inc.; OU=Class 3 Public Primary Certification Authority
* Version: 3 (0x2)
* Serial Number:
* Signature Algorithm: sha1WithRSAEncryption
* Start date: 2006-11-08 00:00:00 GMT
* Expire date: 2021-11-07 23:59:59 GMT
* Public Key Algorithm: rsaEncryption
* RSA Public Key (2048 bits)
* rsa(n): af:24:08:08:29:7a:35:9e:60:0c:aa:e7:4b:3b:4e:dc:7c:bc:3c:45:1c:bb:2b:e0:fe:29:02:f9:57:08:a3:64:85:15:27:f5:f1:ad:c8:31:89:5d:22:e8:2a:aa:a6:42:b3:8f:f8:b9:55:b7:b1:b7:4b:b3:fe:8f:7e:07:57:ec:ef:43:db:66:62:15:61:cf:60:0d:a4:d8:de:f8:e0:c3:62:08:3d:54:13:eb:49:ca:59:54:85:26:e5:2b:8f:1b:9f:eb:f5:a1:91:c2:33:49:d8:43:63:6a:52:4b:d2:8f:e8:70:51:4d:d1:89:69:7b:c7:70:f6:b3:dc:12:74:db:7b:5d:4b:56:d3:96:bf:15:77:a1:b0:f4:a2:25:f2:af:1c:92:67:18:e5:f4:06:04:ef:90:b9:e4:00:e4:dd:3a:b5:19:ff:02:ba:f4:3c:ee:e0:8b:eb:37:8b:ec:f4:d7:ac:f2:f6:f0:3d:af:dd:75:91:33:19:1d:1c:40:cb:74:24:19:21:93:d9:14:fe:ac:2a:52:c7:8f:d5:04:49:e4:8d:63:47:88:3c:69:83:cb:fe:47:bd:2b:7e:4f:c5:95:ae:0e:9d:d4:d1:43:c0:67:73:e3:14:08:7e:e5:3f:9f:73:b8:33:0a:cf:5d:3f:34:87:96:8a:ee:53:e8:25:15:
* rsa(e): 01:00:01:
* X509v3 Basic Constraints: (critical)
* CA:TRUE
* X509v3 CRL Distribution Points:
* , FullName:, URI:http://crl.verisign.com/pca3.crl
* X509v3 Key Usage: (critical)
* CertificateSign,CRLSign
* X509v3 Certificate Policies:
* Policy:X509v3AnyPolicy, CPS:https://www.verisign.com/cps
* X509v3 Subject Key Identifier:
* 7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33
* 1.3.6.1.5.5.7.1.12:
* 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
* Authority Information Access:
* OCSP-URI:http://ocsp.verisign.com
* X509v3 Extended Key Usage:
* TLSWebServerAuthentication,TLSWebClientAuthentication,CodeSigning,NetscapeServerGatedCrypto,2.16.840.1.113733.1.8.1
* Signature: 13:02:dd:f8:e8:86:00:f2:5a:f8:f8:20:0c:59:88:62:07:ce:ce:f7:4e:f9:bb:59:a1:98:e5:e1:38:dd:4e:bc:66:18:d3:ad:eb:18:f2:0d:c9:6d:3e:4a:94:20:c3:3c:ba:bd:65:54:c6:af:44:b3:10:ad:2c:6b:3e:ab:d7:07:b6:b8:81:63:c5:f9:5e:2e:e5:2a:67:ce:cd:33:0c:2a:d7:89:56:03:23:1f:b3:be:e8:3a:08:59:b4:ec:45:35:f7:8a:5b:ff:66:cf:50:af:c6:6d:57:8d:19:78:b7:b9:a2:d1:57:ea:1f:9a:4b:af:ba:c9:8e:12:7e:c6:bd:ff:
* -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

* Server certificate:
* subject: C=US; ST=California; L=Sunnyvale; O=Yahoo Inc.; OU=Information Technology; CN=www.yahoo.com
* start date: 2014-09-24 00:00:00 GMT
* expire date: 2015-09-25 23:59:59 GMT
* subjectAltName: au.yahoo.com matched
* issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
* SSL certificate verify ok.
> HEAD / HTTP/1.1
Host: au.yahoo.com
Accept: */*

< HTTP/1.1 302 Found
< Date: Thu, 09 Oct 2014 02:40:51 GMT
< P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
< Location: http://brb.yahoo.com
< Vary: Accept-Encoding
< Content-Type: text/html
< Age: 0
< Via: http/1.1 fs3.fp.gq1.yahoo.com (ApacheTrafficServer/4.0.2 [cMsSf ]), https/1.1 ir10.fp.gq1.yahoo.com (ApacheTrafficServer)
* Server ATS is not blacklisted
< Server: ATS
< Connection: keep-alive
<
* Connection #3 to host au.yahoo.com left intact

          SAVED NEW BASELINE CERT(S) AS FOLLOWS:

 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
CyberSpark.net
-Keeping the flame of free speech
      and human rights alive online

On Oct 9, 2014, at 1:52 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Wed, 8 Oct 2014, Sky (Jim Schuyler) wrote:
>
>> I’m using php5-curl for HTTPS and use the CURLOPT_CERTINFO option to report back the certificates that are seen and the narrative of the certificate checking process.
>>
>> The information returned for a cert in that flow is truncated to 2048 bytes from the start of “-----BEGIN CERTIFICATE-----” to wherever the 2048 bytes end. Sometimes the -----END CERTIFICATE----- is within this range and sometimes not.
>
> It's not immediately obvious to me where this truncation would happen. Can you figure that out? There's an 8K buffer used at some places, could it be that you hit that limit somehow?
>
> Can you show us code that repeats this against a public site?
>
>> I’m using libcurl 7.35
>
> I don't think we've changed this particular thing since then anyway.
>
>> If there’s a way to use apt-get to upgrade to the current version, I can try it, but I don’t really know how to do that.
>
> You can probably get the dpkg package from a later version and install that.
>
>> I’m also happy to go check the current code and have downloaded the source, and can wade into that next, but perhaps you know already where to look.
>
> lib/vtls/openssl.c:get_cert_chain() is a good place to start!
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-10-09
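
The two first lines quoted in the mail already say how large each certificate is, because an X.509 certificate begins with a DER SEQUENCE header that carries its total length. The PHP below is an added example, not code from the mail or from curl; the function names are hypothetical and the sample input at the end is constructed. It computes the PEM size from those first lines and flags PEM blocks in captured verbose output that lack their END marker or decode to fewer bytes than the header declares.

```php
<?php
// Added example, not part of the original mail; all function names are hypothetical.
const PEM_BEGIN = '-----BEGIN CERTIFICATE-----';
const PEM_END   = '-----END CERTIFICATE-----';
const B64_CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';

// Size in bytes of the whole DER certificate, read from its outer SEQUENCE header; null if absent.
function der_total_length($b64)
{
    $head = base64_decode(substr($b64, 0, 8), true);   // 8 chars decode to 6 bytes
    if ($head === false || strlen($head) < 2 || ord($head[0]) !== 0x30) {
        return null;
    }
    $first = ord($head[1]);
    if ($first < 0x80) {
        return 2 + $first;                             // short-form length
    }
    $n = $first & 0x7f;                                // long form: $n length bytes follow
    if ($n < 1 || $n > 4 || strlen($head) < 2 + $n) {
        return null;
    }
    $len = 0;
    for ($i = 0; $i < $n; $i++) {
        $len = ($len << 8) | ord($head[2 + $i]);
    }
    return 2 + $n + $len;
}

// Characters of PEM text needed for $derLen bytes of DER, with 64-column lines.
function pem_text_length($derLen)
{
    $b64 = 4 * (int) ceil($derLen / 3);
    return strlen(PEM_BEGIN) + 1 + $b64 + (int) ceil($b64 / 64) + strlen(PEM_END);
}

// Report on every PEM block in captured verbose output; "complete" needs END and the declared size.
function audit_pem_blocks($verbose)
{
    $report = array();
    $pos = 0;
    while (($start = strpos($verbose, PEM_BEGIN, $pos)) !== false) {
        $bodyStart = $start + strlen(PEM_BEGIN);
        // '-' and '*' are not base64: the span ends at the END marker or the next "* " line.
        $bodyLen  = strspn($verbose, B64_CHARS . "\r\n", $bodyStart);
        $body     = preg_replace('/\s+/', '', substr($verbose, $bodyStart, $bodyLen));
        $hasEnd   = substr($verbose, $bodyStart + $bodyLen, strlen(PEM_END)) === PEM_END;
        $declared = der_total_length($body);
        $der      = base64_decode($body, true);
        $report[] = array(
            'has_end'      => $hasEnd,
            'declared_der' => $declared,
            'decoded_der'  => $der === false ? null : strlen($der),
            'complete'     => $hasEnd && $der !== false && strlen($der) === $declared,
        );
        $pos = $bodyStart + $bodyLen;
    }
    return $report;
}

// The two first lines quoted in the mail: does each full PEM fit in 2048 characters?
foreach (array('MIIIdzCCB1+gAwIBAgIQTusxCWM5To6gTnCcqR3NpjANBgkqhkiG9w0BAQUFADCB',
               'MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf') as $line) {
    $chars = pem_text_length(der_total_length($line));
    printf("%s... needs %d characters, fits in 2048: %s\n", substr($line, 0, 6), $chars, $chars <= 2048 ? 'yes' : 'no');
}
// Constructed input: one whole block, then the same block cut short before its END marker.
$pem = PEM_BEGIN . "\n" . chunk_split(base64_encode("\x30\x82\x01\x00" . str_repeat("\x00", 256)), 64, "\n") . PEM_END . "\n";
$sample = "* " . $pem . "* 1 Subject: CN=constructed\n* " . substr($pem, 0, 200) . "* 2 Subject: CN=constructed\n";
print_r(audit_pem_blocks($sample));
```

A tool that saves baseline certificates from this output can refuse to store any block whose "complete" field is false.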