Re: NSS support quirks

From: Rob Crittenden
Date: Fri, 13 Jun 2008 09:37:53 -0400

Daniel Stenberg wrote:
> On Fri, 13 Jun 2008, Arnaud Ebalard wrote:
>> Hum, it may be sth else but it seems that both errors are related to
>> the code we provided for CRL and issuer check, which is untested with
>> the nss backend. We mainly took into account some comments sent by Rob.
> Right, the missing CERT_* function comes from there.
> My annoyance is really not directed towards any one of you who have
> contributed code to libcurl but on the NSS project that seems to be
> doing everything so hard to find, see and track.
>> As you might have noticed, building libcurl under Debian creates
>> libcurl*-openssl and libcurl*-nss versions but does not provide any
>> libcurl*-nss. Hence the lack of tests of our patches with nss.
> I never build (lib)curl using what Debian ships so I have no idea about
> those things! I build my curl stuff from CVS...

This will fix the warnings.

diff -u -r1.23 nss.c
--- lib/nss.c 12 Jun 2008 22:00:35 -0000 1.23
+++ lib/nss.c 13 Jun 2008 13:33:21 -0000
@@ -62,6 +62,8 @@
  #include <prio.h>
  #include <secitem.h>
  #include <secport.h>
+#include <nss3/base64.h>
+#include <certdb.h>

  #include "memory.h"
  #include "easyif.h" /* for Curl_convert_from_utf8 prototype */
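
Review bot: the added `#include <nss3/base64.h>` hard-codes an `nss3/` directory prefix, while the other NSS headers in this hunk (`<secitem.h>`, `<secport.h>` and the new `<certdb.h>`) are included without one, so the build now depends on the NSS headers being installed in a directory named `nss3` below an include search path. Consider resolving the clash with the local `base64.h` in a way that does not assume the install layout (for example a configure-time check for where the NSS header lives), and add a short comment on these two lines saying why the prefix is there and which calls each new header is needed for.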

This needs to explicitly use nss3/base64.h for the right include to be
found since curl provides its own base64.h. I can see that breaking on
some platforms. It worked ok for me on Fedora 8.

The function CERT_CompareCerts() is trickier. It is an unexported
function in NSS. The easy solution is to simply make a local private
copy of it in nss.c. I can provide a patch if this is a way you'd be
willing to go.


Received on 2008-06-13