On Fri, 14 Sep 2007, Rob Crittenden wrote:

Thanks for this NSS update!

> Fedora 8/rawhide has switched curl from using OpenSSL to using NSS as the
> SSL engine. This illuminated some issues with the current NSS module,
> notably its lack of support for file-based certificates and a difference in
> the meaning of command-line arguments. This patch addresses those.

[...]

> The libnsspem.so PKCS#11 module is currently only available in Fedora
> 8/rawhide. Work will be done soon to upstream it. The NSS module will with
> or without it, all that changes is the source of the certificates and keys.

First, the latter of course prevented me from trying this in my end (at least
I think it was due to that, I have no PK11_CreateGenericObject function), so I
would really like to see some configure magic added to cover for this since
even if you send this upstream it'll take some time before all possible NSS
installations will have it...

Besides that, I do have some remarks on the patch:

#1 - it gives me multiple warnings (try configure --enable-debug and you
      should see them as well)

#2 - its use of static variables will prevent libcurl-using applications from
      for example do threaded transfers, and I think I can even think up cases
      where multi interface uses will break due to this.

#3 - albeit a minor issue, the code didn't follow curl source code standards
      on multiple places: odd brace placement, long lines, non-standard indent

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html