curl-library

Re: Custom OpenSSL crypto engine not known to cURL

From: Petr Pisar <petr.pisar_at_atlas.cz>
Date: Wed, 10 Mar 2010 21:24:59 +0100

On Wed, Mar 10, 2010 at 08:41:35PM +0100, Guenter wrote:
> Petr Pisar schrieb:
> > OPENSSL_CONF is the same hack as SSL_DIR for NSS crypto backend. When
> > I wrote my application, I thought CURLOPT_CAPATH should carry NSS database
> > path instead of setting SSL_DIR. It's a little confusing.
> SSL_DIR is not a hack by us here, but is already used inside NSS itself -
> though badly documented ...
>
Really? If I look into curl, I can see you pass the variable value into
NSS_Initialize() only and you do not use it anywhere else. If the variable is
not defined you just pass some default string and you _don't_ export it for
the sake of NSS.

If I grep NSS, the only places presenting SSL_DIR are inside testing code, not
in the library itself.

BTW, is somebody here experienced with PKCS#11 modules plugged into NSS as curl
back-end? I'm able to use TLS certificates and keys from internal NSS module.
Seeking for certificates or keys from other modules results in curl SSL
initialization failure. FYI I'm able to use the same NSS database from Firefox
or list the certs by certutil.

-- Petr

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2010-03-10