cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-library Mailing List Archives

[PATCH] Update NSS support

From: Rob Crittenden <rcritten_at_redhat.com>
Date: Fri, 14 Sep 2007 12:58:46 -0400

Fedora 8/rawhide has switched curl from using OpenSSL to using NSS as
the SSL engine. This illuminated some issues with the current NSS
module, notably its lack of support for file-based certificates and a
difference in the meaning of command-line arguments. This patch
addresses those.

The notable changes are:

- It looks for the NSS database first in the environment variable
SSL_DIR, then in /etc/pki/nssdb, then it initializes with no database if
neither of those exist.
- If the NSS PKCS#11 libnspsem.so driver is available then PEM files may
be loaded, including the ca-bundle. If it is not available then only
certificates already in the NSS database are used.
- Tries to detect whether a file or nickname is being passed in so the
right thing is done
- Added a bit of code to make the output more like the OpenSSL module,
including displaying the certificate information when connecting in
verbose mode
- Improved handling of certificate errors (expired, untrusted, etc)

The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will
with or without it, all that changes is the source of the certificates
and keys.

rob

Received on 2007-09-14

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET