[libcurl] certificate field get truncated

[bmfp]

TL;DR
When using libcurl, at least "X509v3 Subject Alternative Name" field gets truncated after 512 characters, I didn't observe/test it on other fields

I did this

• built https://github.com/curl/curl/raw/master/docs/examples/certinfo.c, replacing www.example.com with guce.nexage.com, which is at the end of a long SAN list
• performed curl -s -v https://guce.nexage.com > /dev/null

I expected the following

• with certinfo.c, show all SAN items, but got :

X509v3 Subject Alternative Name:DNS:consent.oath.com,DNS:consent.yahoo.com,DNS:guce.verizonmedia.com,DNS:guce2.oath.com,DNS:guce.alephd.com,DNS:guce.aol.ca,DNS:guce.aol.co.uk,DNS:guce.huffingtonpost.co.uk,DNS:guce.huffingtonpost.co.za,DNS:guce.huffingtonpost.com.au,DNS:guce.huffingtonpost.com.mx,DNS:guce.huffingtonpost.de,DNS:guce.huffingtonpost.es,DNS:guce.huffingtonpost.fr,DNS:guce.huffingtonpost.gr,DNS:guce.huffingtonpost.in,DNS:guce.huffingtonpost.it,DNS:guce.huffingtonpost.jp,DNS:guce.huffingtonpost.kr,DNS:guce.huffpost.com,DNS:guce

• with 2nd test, show that certificate is valid : this one is ok
  subjectAltName: host "guce.nexage.com" matched cert's "guce.nexage.com"

curl/libcurl version

ii  curl                                            7.58.0-2ubuntu3.8                                   amd64        command line tool for transferring data with URL syntax
ii  libcurl3-gnutls:amd64                           7.58.0-2ubuntu3.8                                   amd64        easy-to-use client-side URL transfer library (GnuTLS flavour)
ii  libcurl4:amd64                                  7.58.0-2ubuntu3.8                                   amd64        easy-to-use client-side URL transfer library (OpenSSL flavour)
ii  libcurl4-openssl-dev:amd64                      7.58.0-2ubuntu3.8                                   amd64        development files and documentation for libcurl (OpenSSL flavour)

[curl -V output]

curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

operating system

uname -a
Linux r01 5.3.0-26-generic #28~18.04.1-Ubuntu SMP Wed Dec 18 16:40:14 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[bagder]

Your -V shows your curl uses OpenSSL, so that list item libcurl3-gnutls:amd64 is probably not relevant here.

[bmfp]

@bagder you're right !
the versions were only extracted with dpkg -l | grep curl