cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: PROBLEM: libcurl vs. NSS .. 8054 SEC_ERROR_REUSED_ISSUER_AND_SERIAL

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Wed, 9 Nov 2011 15:03:02 +0100

On Wednesday 09 November 2011 14:42:11 m.k. wrote:
> I'm using libcurl version 7.19.7
> version of nss 3.12.9-3.el6

These are quite old. Are they installed from any distribution packages? Or
did you compile them yourself?

> what do u think by "OpenSSL CA bundle" ?

I mean the CA bundle that OpenSSL uses for cert verification. AFAIK, OpenSSL
does not use any database by default. It uses a plain-text file. The default
location of that file is set by the --with-ca-bundle option of curl's
configure script during build.

> how can I determine wether I'm using it?

For example by strace - just check whether the file is being opened.
 
> maybe answering a simple question would help.
> how can I receive/get the mentioned error if there are no certificates in
> the db?
> or are there any certificate whitch cannot be diplayed by "certutil -L"?

The certutil command operates on the NSS database. It does not know anything
about the CA bundle in a separate file. Note you can force curl to use a NSS
database of your choice using the $SSL_DIR environment variable.

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-11-09