curl-library
[PATCH] Update NSS support
Date: Fri, 14 Sep 2007 12:58:46 -0400
Fedora 8/rawhide has switched curl from using OpenSSL to using NSS as
the SSL engine. This illuminated some issues with the current NSS
module, notably its lack of support for file-based certificates and a
difference in the meaning of command-line arguments. This patch
addresses those.
The notable changes are:
- It looks for the NSS database first in the environment variable
SSL_DIR, then in /etc/pki/nssdb, then it initializes with no database if
neither of those exists.
- If the NSS PKCS#11 libnsspem.so driver is available then PEM files may
be loaded, including the ca-bundle. If it is not available then only
certificates already in the NSS database are used.
- Tries to detect whether a file or nickname is being passed in so the
right thing is done
- Added a bit of code to make the output more like the OpenSSL module,
including displaying the certificate information when connecting in
verbose mode
- Improved handling of certificate errors (expired, untrusted, etc)
The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will
work with or without it; all that changes is the source of the certificates
and keys.
rob
- text/x-patch attachment: curl-nsspem.patch
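
The lookup order and the file-versus-nickname decision described in the message, as an added sketch that is not taken from the attached patch. The function names, the directory and regular-file tests via stat(), and the pem_module_loaded flag are assumptions made for illustration; only SSL_DIR and /etc/pki/nssdb come from the post.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define DEFAULT_NSSDB "/etc/pki/nssdb"  /* fallback path named in the post */

enum cert_plan { LOAD_FROM_DB, LOAD_PEM_FILE, FILE_NEEDS_PEM_MODULE };

/* Assumption: "exists" means the path resolves to a directory. */
static int is_dir(const char *p) {
  struct stat st;
  return p && *p && stat(p, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Database directory to open, or NULL to initialize NSS with no database. */
const char *pick_nss_db(void) {
  const char *env = getenv("SSL_DIR");
  if(is_dir(env))
    return env;
  return is_dir(DEFAULT_NSSDB) ? DEFAULT_NSSDB : NULL;
}

/* Assumed heuristic: an existing regular file is a PEM file, anything else
   is a nickname to look up in the NSS database. */
static int is_file(const char *arg) {
  struct stat st;
  return arg && stat(arg, &st) == 0 && S_ISREG(st.st_mode);
}

/* pem_module_loaded: whether the PKCS#11 PEM module could be loaded. */
enum cert_plan plan_cert_load(const char *arg, int pem_module_loaded) {
  if(!is_file(arg))
    return LOAD_FROM_DB;
  return pem_module_loaded ? LOAD_PEM_FILE : FILE_NEEDS_PEM_MODULE;
}

int main(int argc, char **argv) {
  const char *db = pick_nss_db();
  const char *arg = argc > 1 ? argv[1] : "Example Server Cert"; /* constructed */
  printf("database: %s\n", db ? db : "(none)");
  printf("%s -> plan %d\n", arg, (int)plan_cert_load(arg, 1));
  return 0;
}
```

Under this assumed heuristic a nickname that happens to match a file name in the working directory is treated as a file, so the two kinds of argument should be kept visibly distinct.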