cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: How to use curl with nss supported?

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Thu, 9 Dec 2010 10:10:21 +0100

On Thursday 09 December 2010 08:47:21 张绪峰 wrote:
> Hi All,
>
> I have some problems with curl+nss usage.

What exactly are you going to do?

What are the problems?

> Version
> --------------
> $ curl -V
> curl 7.20.0 (i686-target-linux-gnu) libcurl/7.20.0 NSS/3.12.4.5 zlib/1.2.5
> libidn/0.6.5 Protocols: dict file ftp ftps http https imap imaps pop3 pop3s
> rtsp smtp smtps telnet tftp Features: IDN IPv6 Largefile SSL libz

What distribution are you using? Are the packages provided by your distro?

> NSS database is in '/etc/pki/nssdb' directory.
> When I run certutil, the output is:
> $ certutil -L -d /etc/pki/nssdb/
> Certificate Nickname Trust
> Attributes SSL,S/MIME,JAR/XPI I don't know why there is no nickname output.

If you have working Firefox, you can try to point curl to its database by
setting $SSL_DIR.

> I also find there is a Makefile in '/usr/lib/ssl/certs' directory, which
> can be used to generate PEM format CA. So I run 'make cacert.pem' and it is
> created.
> Lastly when I using curl with this CA:
> $ curl --cacert ./cacert.pem -X GET https://bugzilla.redhat.com
> Segmentation fault

If you are able to repeat the crash with the latest curl/nss, please attach
the certificate that causes the crash. What does the following command say?

$ openssl x509 -in ./cacert.pem -noout -text

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-12-09