Re: Curl and NSS
Date: Sat, 29 Nov 2008 22:13:17 +0100 (CET)
On Sat, 29 Nov 2008, George Sherwood wrote:
> I have been maintaining curl and nss for our distro and I was wondering if
> there is any advantage to building curl against NSS. Currently we don't
> even have that as an option.
As far as I understand it, and I can't say I've actually tried to understand
all the aspects of this, NSS has a FIPS certification in a way none of the
other SSL libs do, and some US governments or something requires software to
be FIPS certificied to be considered. See this:
> Also is it proper to build curl against gnutls and openssl and libssh2
> or should it only be one of these three or nss?
NSS is a SSL library libcurl can use instead of OpenSSL or GnuTLS. libcurl can
only be built to use one of these in a single build
libssh2 is a separate thing since it provides SSH. Although libssh2 in itself
can be built to use either OpenSSL or libgcrypt for the crypto layer.
> I finally got midori/webkit working with https site by adding
> ca-certificates and building curl against openssl with the options:
> --with-ssl=/usr --without-ca-bundle --with-ca-path=/etc/ssl/certs
> I was just wondering if I am doing things correctly.
How is this related to the NSS question?
(lib)curl no longer provides a ca cert bundle of its own so if you want your
libcurl installation to have a default ca cert bundle you need to make sure
configure finds a suitable one.
I don't know what "midori/webkit" is so I can't comment on its specific
-- / daniel.haxx.seReceived on 2008-11-29