
Re: Curl and NSS

From: George Sherwood <>
Date: Sun, 30 Nov 2008 08:05:01 -0600

On Sun, 30 Nov 2008 10:41:27 +0100 (CET)
Daniel Stenberg <> wrote:

> On Sat, 29 Nov 2008, George Sherwood wrote:
> > Unfortunately, currently the configure is failing to find
> > pkg-config, I believe, so it is executing the else portion kludge
> > defaults and failing. If I remove the if test -n "$check"; then
> > everything works fine.
> >
> > if test X"$OPT_NSS" != Xno; then
> > if test "x$OPT_NSS" = "xyes"; then
> > check=`pkg-config --version 2>/dev/null`
> > if test -n "$check"; then
> But how can that fail if pkg-config is in your path? pkg-config
> --version should output a version number to stdout and thus test -n
> should evaluate true there. Doesn't it?

It does all those things, so I am not sure why it is not evaluated to true.

george_at_sourcemage:~$ pkg-config --version

I moved the true code to the else and everything worked and curl built
fine using nss for SSL.

> GnuTLS should work pretty much exactly the same as OpenSSL when it
> comes to the ca cert bundle and how that's used. NSS however is
> different: NSS doesn't support reading and using a CA cert bundle in
> the PEM format as both OpenSSL and GnuTLS do. The Fedora patch I
> mentioned before brings this ability to NSS.

I have GnuTLS working fine now.

> Unfortunately, there hasn't exactly been a race in the NSS team to
> get this merged into the main code.
> This has the side-effect that libcurl built with NSS needs an
> NSS-style (sqlite?) database present with the ca cert bundle. I don't
> know how to convert a PEM ca cert bundle into such a database.
> Unless you use NSS with the Fedora-patch.

After getting curl to build using --with-nss, of course I ran into the
issues that you described above. If I want to get this working, I
guess I will need to take a look at the Fedora patch.


George Sherwood
Source Mage GNU/Linux Lead Developer

Received on 2008-11-30
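
The thread leaves open how to turn a PEM CA bundle into an NSS-style database. The sketch below is an added example, not part of the original mail or of curl: it splits a bundle into single certificates and imports each one with NSS's `certutil`. It assumes `certutil` is installed for the import step; the function names, nicknames and database directory are hypothetical, and the sample bundle is constructed placeholder data, not real certificates.

```shell
#!/bin/sh
# Added example: PEM CA bundle -> NSS certificate database.

# Split a PEM bundle into one file per certificate (text outside the
# BEGIN/END markers is dropped); prints the number of certificates found.
split_pem_bundle() {
    src=$1; outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/ca-%04d.pem", dir, n); inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$src"
}

# Import every certificate of a bundle into the NSS database in $2.
# Requires certutil (assumption); prints the number of certificates imported.
import_bundle_into_nss() {
    pem_bundle=$1; dbdir=$2
    tmp=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$pem_bundle" "$tmp")
    mkdir -p "$dbdir"
    # Create an empty, password-less sqlite-format database if none exists.
    [ -f "$dbdir/cert9.db" ] || certutil -N -d "sql:$dbdir" --empty-password
    for pem in "$tmp"/ca-*.pem; do
        [ -f "$pem" ] || continue
        # -t "C,," trusts the certificate as a CA for TLS servers only.
        certutil -A -d "sql:$dbdir" -n "$(basename "$pem" .pem)" \
            -t "C,," -a -i "$pem" || { rm -rf "$tmp"; return 1; }
    done
    rm -rf "$tmp"
    echo "$count"
}

# Constructed sample bundle: two placeholder blocks plus stray comment lines.
make_sample_bundle() {
    printf '%s\n' 'Example Root A' \
        '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' \
        'Example Root B' \
        '-----BEGIN CERTIFICATE-----' 'REVG' '-----END CERTIFICATE-----' > "$1"
}
```

`certutil -L -d sql:<dbdir>` lists what ended up in the database and with which trust flags, which is the check to run before pointing an NSS-built libcurl at it.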