#1117 subject line of SSL certificates are truncated

closed-fixed
https (67)
5
2014-08-19
2012-06-07
No

The subject line of SSL certificates is truncated after 256 characters, as reported by curl -v. For example

curl -v https://www.paypal.com

returns

* Server certificate:
* subject: 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; businessCategory=Private Organization; serialNumber=3014267; C=US; postalCode=95131-2021; ST=California; L=San Jose; street=2211 N 1st St; O=PayPal, Inc.; OU=PayPal Production; CN=www.paypal.

Note the CN= value truncates "com."

This was hit with curl 7.26.0 but is in all versions since commit https://github.com/bagder/curl/commit/4c9768565ec3a9baf26ac8a547bca6e42cc64fa5#L11L1652.

There appear to be no adverse effects in terms of establishing trust, but the output is confusing to users.

See the downstream Gentoo bug for more details: https://bugs.gentoo.org/show_bug.cgi?id=419703
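
The subject printed above is 255 characters long, which is what a 256-byte buffer holds once the terminating NUL is counted. The following is an added example, not curl's code and not part of the original report: it reproduces the cut with an assumed fixed display buffer and shows a length-checked alternative. `SUBJECT_BUF`, `subject_fixed` and `subject_dynamic` are hypothetical names, and the sample subject is the report's string with the CN completed to `www.paypal.com`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SUBJECT_BUF 256 /* assumed fixed display buffer, matching the reported limit */

/* Constructed input: the subject from the report, CN completed to ".com". */
static const char *const SAMPLE_SUBJECT =
    "1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; "
    "businessCategory=Private Organization; serialNumber=3014267; C=US; "
    "postalCode=95131-2021; ST=California; L=San Jose; street=2211 N 1st St; "
    "O=PayPal, Inc.; OU=PayPal Production; CN=www.paypal.com";

/* Copy into a fixed buffer. Returns 1 if the text was cut, 0 if it fit. */
int subject_fixed(const char *subject, char *out, size_t outlen)
{
    int need = snprintf(out, outlen, "%s", subject);
    return need < 0 || (size_t)need >= outlen;
}

/* Size the buffer from the data instead. Caller frees; NULL on failure. */
char *subject_dynamic(const char *subject)
{
    int need = snprintf(NULL, 0, "%s", subject); /* length only, no write */
    if (need < 0)
        return NULL;
    char *out = malloc((size_t)need + 1);
    if (out)
        snprintf(out, (size_t)need + 1, "%s", subject);
    return out;
}

int main(void)
{
    char fixed[SUBJECT_BUF];
    int cut = subject_fixed(SAMPLE_SUBJECT, fixed, sizeof fixed);
    /* Marking the cut keeps a shortened CN from being read as the real one. */
    printf("fixed  : %s%s\n", fixed, cut ? " [truncated]" : "");

    char *full = subject_dynamic(SAMPLE_SUBJECT);
    if (full) {
        printf("dynamic: %s\n", full);
        free(full);
    }
    return 0;
}
```
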

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2012-06-08
    • milestone: --> bad_behaviour
    • status: open --> closed-fixed
     
