cURL / Mailing Lists / curl-library / Single Mail


Re: Curl and NSS

From: Daniel Stenberg <>
Date: Sun, 30 Nov 2008 10:41:27 +0100 (CET)

On Sat, 29 Nov 2008, George Sherwood wrote:

> Unfortunately currently the configure is failing to find pkg-config, I
> believe so it is executing the else portion kludge defaults and failing.
> If I remove the if test -n "$check"; then everything work fine.
> if test X"$OPT_NSS" != Xno; then
> if test "x$OPT_NSS" = "xyes"; then
> check=`pkg-config --version 2>/dev/null`
> if test -n "$check"; then

But how can that fail if pkg-config is in your path? pkg-config --version
should output a version number to stdout and thus test -n should evaluate true
there. Doesn't it?

> Related in that I only have the midori browser working on https sites using
> curl built against openssl. I believe it should work with curl built
> against either GnuTLS or NSS. Webkit uses curl as its http backend.

GnuTLS should work pretty much exactly the same as OpenSSL when it comes to
the ca cert bundle and how that's used. NSS however is different: NSS doesn't
support reading and using a CA cert bundle in the PEM format as both OpenSSL
and GnuTLS do. The Fedora patch I mentioned before brings this ability to NSS.

Unfortunately, there hasn't exactly been a race in the NSS team to get this
merged into the main code.

This has the side-effect that libcurl built with NSS needs a NSS-style
(sqlite?) database present with the ca cert bundle. I dont know how to convert
a PEM ca cert bundle into such a database.

Unless you use NSS with the Fedora-patch.

Received on 2008-11-30