cURL / Mailing Lists / curl-library / Single Mail


Re: issues with pre-login to pkcs11 slots when using NSS

From: Kamil Dudka <>
Date: Sun, 12 Jul 2009 23:26:12 +0200

On Sunday 12 of July 2009 23:06:38 Claes Jakobsson wrote:
> Hi,
> On Jul 12, 2009, at 10:57 PM, Kamil Dudka wrote:
> > not sure if I understand. Do you mean some verbose output when the
> > curl's
> > option CURLOPT_VERBOSE is set?
> Yes.

Well, it could be helpful. We need to always set the SelectClientCert()
callback. Inside the callback we can determine whether the PEM module is
loaded (and used for client cert). Then we can print the certificate
nick-name in all cases using CERT_GetNickName() if any selected;
an error/warning message otherwise. I'll try to complete the patch next week.

> > I don't worry about that as I think the NSS-powered curl is not
> > widely used
> > now. It's been pretty broken in Fedora since recently. And you are
> > in fact
> > the first non-Fedora user of NSS-powered curl I noticed here on the
> > list ;-)
> currently we run it only on Mac OS X but in the future it'll also be
> deployed on Debian as we're moving over all HTTP(s) related client
> code to libcurl based one.

It sounds like good timing to perform the change.

Received on 2009-07-12