-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GnuTLS certificates can be bigger than MAX_X509_CERT
#14352
Comments
After some investigation, I noticed that the problem is happening on Line 1096 in 45246eb
Lines 1235 to 1252 in 45246eb
The certificate we get from the website has a size that's much bigger than |
sergiodj
pushed a commit
to sergiodj/curl
that referenced
this issue
Aug 2, 2024
When using GnuTLS we may see certificates whose sizes are bigger than 10000, so use MAX_X509_CERT as the maximum dynbuf size (instead of MAX_X509_STR). Closes: curl#14352 Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
Can reproduce. Analyzing the cause. |
icing
added a commit
to icing/curl
that referenced
this issue
Aug 2, 2024
Raise the limit for certification information from 10 thousand to 100 thousand bytes. Certificates can be larger than 10k. Change the infof() debug output to add '...' at the end when the max limit it can handle is exceeded. Refs curl#14352
I propose #14354 as fix for this. Could you verify? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I did this
We've received the following bug in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076800
We are linking curl against GnuTLS, and the following error started happening:
I expected the following
When using curl linked against OpenSSL, I see:
The output above has been truncated for readability.
curl/libcurl version
curl 8.9.1
operating system
Debian unstable
The text was updated successfully, but these errors were encountered: