Skip to content

[libcurl] certificate field get truncated #4837

Closed
@bmfp

Description

@bmfp

TL;DR
When using libcurl, at least "X509v3 Subject Alternative Name" field gets truncated after 512 characters, I didn't observe/test it on other fields

I did this

I expected the following

  • with certinfo.c, show all SAN items, but got :
X509v3 Subject Alternative Name:DNS:consent.oath.com,DNS:consent.yahoo.com,DNS:guce.verizonmedia.com,DNS:guce2.oath.com,DNS:guce.alephd.com,DNS:guce.aol.ca,DNS:guce.aol.co.uk,DNS:guce.huffingtonpost.co.uk,DNS:guce.huffingtonpost.co.za,DNS:guce.huffingtonpost.com.au,DNS:guce.huffingtonpost.com.mx,DNS:guce.huffingtonpost.de,DNS:guce.huffingtonpost.es,DNS:guce.huffingtonpost.fr,DNS:guce.huffingtonpost.gr,DNS:guce.huffingtonpost.in,DNS:guce.huffingtonpost.it,DNS:guce.huffingtonpost.jp,DNS:guce.huffingtonpost.kr,DNS:guce.huffpost.com,DNS:guce
  • with 2nd test, show that certificate is valid : this one is ok
    subjectAltName: host "guce.nexage.com" matched cert's "guce.nexage.com"

curl/libcurl version

ii  curl                                            7.58.0-2ubuntu3.8                                   amd64        command line tool for transferring data with URL syntax
ii  libcurl3-gnutls:amd64                           7.58.0-2ubuntu3.8                                   amd64        easy-to-use client-side URL transfer library (GnuTLS flavour)
ii  libcurl4:amd64                                  7.58.0-2ubuntu3.8                                   amd64        easy-to-use client-side URL transfer library (OpenSSL flavour)
ii  libcurl4-openssl-dev:amd64                      7.58.0-2ubuntu3.8                                   amd64        development files and documentation for libcurl (OpenSSL flavour)

[curl -V output]

curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

operating system

uname -a
Linux r01 5.3.0-26-generic #28~18.04.1-Ubuntu SMP Wed Dec 18 16:40:14 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions