cURL / Mailing Lists / curl-library / Single Mail


Re: Using Curl with nss support

From: Rob Crittenden <>
Date: Fri, 16 Nov 2007 22:58:52 -0500

Daniel Stenberg wrote:
> On Mon, 29 Oct 2007, Varun Shrivastava wrote:
>> I have to use nss with curl, its my requirement please help me out
> Then I recommend you to switch to the most recent libcurl (snapshot)
> version, and you should use an NSS version that has
> PK11_CreateGenericObject(). I don't know what version that is.
> But given that NSS is early and not very widely tested or used, I assume
> there might be more quirks to fix before it runs perfectly fine.
> I haven't been able to test with NSS properly since I don't have any CA
> cert db for it and I know don't where or how I'm supposed to get it. I
> can do SSL operations using -k though.

You need the NSS utility certutil to generate a database. You can do it
with certutil -N -d /path/to/database/directory. You can just press
Enter twice when prompted for a password to not set one.

Fedora 7 and 8 ship with an enhanced NSS that works a lot better with
curl. It includes some extra code that will let you use PEM files
instead of an NSS database which makes it much more transparant to use.

Either way the most recent curl release has significantly better NSS


Received on 2007-11-17