cURL / Mailing Lists / curl-library / Single Mail


Re: NSS support quirks

From: Arnaud Ebalard <>
Date: Tue, 17 Jun 2008 09:36:25 +0200


Daniel Stenberg <> writes:

> On Mon, 16 Jun 2008, Arnaud Ebalard wrote:
>> Daniel, I don't know if it would be a huge amount work but a good
>> way to test things would be to had to curl (the command line
>> utility) the options for passing CRL and issuer cert (or the
>> equivalent for NSS) and then test things (also adding regression
>> tests for that if time is not a matter).
> Of course. I won't stand in the way of anyone who'd step forward to do
> this.

Me neither ;-) As usual, if someone has a real need for the
functionality, a patch will appear.

> Is NSS using database files for them too, like it does for ca certs?
> If so, how do I use all of those? I don't even know how to setup my
> system to use NSS with cacerts. Can I convert my PEM file to a NSS
> cacert db somehow?

Added Rob to the list of CC on that one.

> If anyone would work on setting up test cases for these things, does
> anyone have any fine generated files that could be used to test?
>> At least associated time would not be completely lost. That's just an idea.
> Persons adding test cases are always tresured and appreciated. Just
> not very often seen! ;-)

Writing some test case for issuer check should be pretty easy. I'm just
not familiar with that part of curl. For CRL check, this would mean
generating two CRLs (one with test server ok and the other with the test
server revoked) and then test both.



  • application/pgp-signature attachment: stored
Received on 2008-06-17