
curl-users

Re: CURLOPT_CERTINFO truncated to 2048 chars

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 9 Oct 2014 10:52:51 +0200 (CEST)

On Wed, 8 Oct 2014, Sky (Jim Schuyler) wrote:

> I’m using php5-curl for HTTPS and use the CURLOPT_CERTINFO option to report
> back the certificates that are seen and the narrative of the certificate
> checking process.
>
> The information returned for a cert in that flow is truncated to 2048 bytes
> from the start of "-----BEGIN CERTIFICATE-----" to wherever the 2048 bytes end.
> Sometimes the -----END CERTIFICATE----- is within this range and sometimes not.

It's not immediately obvious to me where this truncation would happen. Can you
figure that out? There's an 8K buffer used at some places, could it be that you
hit that limit somehow?

Can you show us code that repeats this against a public site?

> I’m using libcurl 7.35

I don't think we've changed this particular thing since then anyway.

> If there’s a way to use apt-get to upgrade to the current version, I can try
> it, but I don’t really know how to do that.

You can probably get the dpkg package from a later version and install that.

> I’m also happy to go check the current code and have downloaded the source,
> and can wade into that next, but perhaps you know already where to look.

lib/vtls/openssl.c:get_cert_chain() is a good place to start!

-- 
  / daniel.haxx.se

Received on 2014-10-09
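
One way to build the reproduction asked for in the message above, as an added example that is not part of the original thread or of curl's own code. It reports the byte length of each certificate's PEM text and whether both markers are present. The function names `check_certinfo` and `fetch_certinfo` are hypothetical, the `Cert` and `Subject` key names are assumed from PHP's certinfo output, and the sample data is constructed.

```php
<?php
const PEM_BEGIN = '-----BEGIN CERTIFICATE-----';
const PEM_END   = '-----END CERTIFICATE-----';
// $certinfo has the shape curl_getinfo($ch, CURLINFO_CERTINFO) returns: one
// array per certificate in the chain. Assumption: PEM text sits under the
// 'Cert' key and the subject under 'Subject'.
function check_certinfo(array $certinfo) {
    $report = array();
    foreach ($certinfo as $i => $entry) {
        $pem   = isset($entry['Cert']) ? $entry['Cert'] : '';
        $begin = strpos($pem, PEM_BEGIN);
        $end   = strpos($pem, PEM_END);
        $report[] = array(
            'index'    => $i,
            'subject'  => isset($entry['Subject']) ? $entry['Subject'] : '(none)',
            'bytes'    => strlen($pem),
            'complete' => $begin !== false && $end !== false && $end > $begin,
        );
    }
    return $report;
}

// Live path: only used when a URL is given on the command line.
function fetch_certinfo($url) {
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_CERTINFO       => true,  // ask libcurl to collect the chain
        CURLOPT_NOBODY         => true,  // the handshake is all we need
        CURLOPT_RETURNTRANSFER => true,
    ));
    curl_exec($ch);
    $info = curl_getinfo($ch, CURLINFO_CERTINFO);
    curl_close($ch);
    return is_array($info) ? $info : array();
}

// Constructed sample: one complete block, one cut at 2048 bytes as reported.
$line   = str_repeat('QUJD', 16) . "\n";
$sample = array(
    array('Subject' => 'CN=complete.example',
          'Cert'    => PEM_BEGIN . "\n" . $line . PEM_END . "\n"),
    array('Subject' => 'CN=truncated.example',
          'Cert'    => substr(PEM_BEGIN . "\n" . str_repeat($line, 40) . PEM_END . "\n", 0, 2048)),
);

$certinfo = isset($argv[1]) ? fetch_certinfo($argv[1]) : $sample;
foreach (check_certinfo($certinfo) as $r) {
    printf("#%d %s: %d bytes, %s\n", $r['index'], $r['subject'], $r['bytes'], $r['complete'] ? 'complete PEM' : 'incomplete PEM');
}
```

Run without arguments it checks the constructed sample; run with an HTTPS URL as the first argument it checks that server's chain.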