curl-library

Re: Certificate database support in curl

From: Rob Crittenden <rcritten_at_redhat.com>
Date: Mon, 30 Jun 2008 23:41:24 -0400

Scoped Ptr wrote:
> Hi,
>
> Does cURL support the direct use of the Berkeley .db used by NSS?
> Openssl works with .pem files whereas Berkeley db files are .db and NSS
> assumes to have those for certificates and keys.
> How do I specify the location of the database files on the disk and,
> does cURL work with .db files directly or does there have to be some work
> done before?
>
> I see that it first tries to get the SSL_DIR environment variable for
> the cert db files and then assumes the location as /etc/pki/nssdb or in
> worst case initializes NSS without a cert database. Should this SSL_DIR
> location be the location of the cert.db, key.db files?

Yes, use SSL_DIR to specify the directory that your NSS certificate and
key databases reside in.

The NSS library in Fedora includes a PKCS#11 module that can read PEM
files. This was submitted upstream to NSS but it hasn't been included
(yet, if it will be at all). See bug
https://bugzilla.mozilla.org/show_bug.cgi?id=402712

Additional patches may also be needed depending on your version of NSS.
I haven't built it against a recent upstream pull of NSS for quite some
time now but it needs to provide at least PK11_CreateGenericObject().
libcurl won't build in the proper support without it.

rob

Received on 2008-07-01
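
Added example (not part of the original mail and not curl's own code): a pre-flight shell check that follows the lookup order described in the question above, SSL_DIR first and then /etc/pki/nssdb, and reports whether the chosen directory actually holds a certificate and key database. The function names, and the file names cert8.db/key3.db and cert9.db/key4.db (NSS's legacy DBM and SQLite database names), are assumptions; the thread itself only says cert.db and key.db.

```shell
# Added example; function names are hypothetical.
# Usage: SSL_DIR=/path/to/nssdb check_nss_db

has_nss_db() {
    # True when directory $1 holds a certificate DB and a key DB of the
    # same format (assumed names: legacy DBM pair or SQLite pair).
    { [ -f "$1/cert8.db" ] && [ -f "$1/key3.db" ]; } ||
    { [ -f "$1/cert9.db" ] && [ -f "$1/key4.db" ]; }
}

nss_db_dir() {
    # Lookup order as described in the thread:
    #   1. SSL_DIR, when set
    #   2. the system default directory ($1, default /etc/pki/nssdb)
    #   3. nothing: NSS would be initialized without a cert database
    default_dir="${1:-/etc/pki/nssdb}"
    if [ -n "${SSL_DIR:-}" ]; then
        printf '%s\n' "$SSL_DIR"
    elif [ -d "$default_dir" ]; then
        printf '%s\n' "$default_dir"
    else
        return 1
    fi
}

check_nss_db() {
    # Prints one status line and returns:
    #   0  "ok <dir>"             database pair found in the chosen directory
    #   1  "no-db"                no directory would be used at all
    #   2  "missing-files <dir>"  directory chosen, but no cert/key DB pair in it
    dir=$(nss_db_dir "$@") || { echo "no-db"; return 1; }
    if has_nss_db "$dir"; then
        echo "ok $dir"
    else
        echo "missing-files $dir"
        return 2
    fi
}
```

A "missing-files" result is the case worth catching before a deployment: SSL_DIR points somewhere, but not at the directory that holds the certificate and key databases.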