Re: NSS support quirks
Date: Fri, 13 Jun 2008 09:37:53 -0400
Daniel Stenberg wrote:
> On Fri, 13 Jun 2008, Arnaud Ebalard wrote:
>> Hum, it may be sth else but it seems that both errors are related to
>> the code we provided for CRL and issuer check, which is untested with
>> the nss backend. We mainly took into account some comments sent by Rob.
> Right, the missing CERT_* function comes from there.
> My annoyance is really not directed towards anyone of you who have
> contributed code to libcurl but on the NSS project that seems to be
> doing everything so hard to find, see and track.
>> As you might have noticed, building libcurl under Debian creates
>> libcurl*-openssl and libcurl*-nss versions but does not provide any
>> libcurl*-nss. Hence the lack of tests of our patches with nss.
> I never build (lib)curl using what Debian ships so I have no idea about
> those things! I build my curl stuff from CVS...
This will fix the warnings.
diff -u -r1.23 nss.c
--- lib/nss.c 12 Jun 2008 22:00:35 -0000 1.23
+++ lib/nss.c 13 Jun 2008 13:33:21 -0000
@@ -62,6 +62,8 @@
#include "easyif.h" /* for Curl_convert_from_utf8 prototype */
This needs to explicitly use nss3/base64.h for the right include to be
found since curl provides its own base64.h. I can see that breaking on
some platforms. It worked ok for me on Fedora 8.
The function CERT_CompareCerts() is trickier. It is an unexported
function in NSS. The easy solution is to simply make a local private
copy of it in nss.c. I can provide a patch if this is a way you'd be
willing to go.
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature