
curl-tracker Archives

[curl:bugs] #1196 with NSS, some certs unselectable via --cert name:passwd syntax

From: Kamil Dudka <kdudka_at_users.sf.net>
Date: Fri, 05 Apr 2013 13:59:28 +0000

Thank you for writing the patch! It looks good to me and I would like to merge it upstream. Could you please send me your name and e-mail so that I commit the patch with you as the author? Thanks in advance!

---
**[bugs:#1196] with NSS, some certs unselectable via --cert name:passwd syntax**
**Status:** open
**Created:** Wed Feb 13, 2013 07:57 PM UTC by jared jennings
**Last Updated:** Thu Feb 14, 2013 03:15 PM UTC
**Owner:** nobody

I need a way to tell the curl tool to use a certificate having a colon in its name.

With the curl tool, when I specify a client certificate to use via the -E or --cert switch, I can optionally specify a passphrase by appending a colon and the passphrase to the argument of the switch. In src/tool_getparam.c around line 1206, the first colon in the argument is found, using strchr, and everything after it is deemed to be the passphrase. Because of this decision, passphrases containing colons can be used, but certificates whose names contain colons cannot.

The use case is this: I've built curl against NSS, and I'm trying to use the certificate on my smartcard.

When you import a certificate from a file into an NSS database, it goes onto the token named "NSS Certificate DB." When you specify a certificate in the NSS database by its nickname, by default that certificate is sought on the "NSS Certificate DB" token. So if all you use with NSS is certificates you've imported from files, you never need a colon.

But if the certificate you want to use is stored on a different token (e.g., a smartcard), you have to name both the token and the certificate; the way to do so is with the syntax token:nickname - i.e. separating them by a colon. So the name of the certificate on my smartcard is "MY.FULL.NAME.1234567890:CAC ID Certificate".

Unfortunately when I hand that value to the -E switch, the curl tool parses that as a request to use the certificate named MY.FULL.NAME.1234567890, with the passphrase "CAC ID Certificate".
---
Received on 2013-04-05
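
The first-colon split described in the report, next to one way of letting a name carry a colon, as an added example that is not the patch discussed in this thread and not curl's code. The backslash-escape convention, the function names and the passphrase in the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef void (*splitter)(const char *, char *, size_t, char *, size_t);

/* Behaviour the report describes: the first ':' found by strchr ends the name. */
static void split_first_colon(const char *arg, char *name, size_t nlen,
                              char *pass, size_t plen)
{
  const char *colon = strchr(arg, ':');
  size_t n = colon ? (size_t)(colon - arg) : strlen(arg);
  snprintf(name, nlen, "%.*s", (int)n, arg);
  snprintf(pass, plen, "%s", colon ? colon + 1 : "");
}

/* Assumed alternative: in the name, "\:" is a literal colon and "\\" a literal
   backslash; the first unescaped ':' starts the passphrase, copied verbatim. */
static void split_escaped(const char *arg, char *name, size_t nlen,
                          char *pass, size_t plen)
{
  size_t o = 0;
  pass[0] = '\0';
  while(*arg) {
    char c = *arg++;
    if(c == '\\' && (*arg == ':' || *arg == '\\'))
      c = *arg++;                      /* escaped character stays in the name */
    else if(c == ':') {
      snprintf(pass, plen, "%s", arg); /* rest of the argument is the passphrase */
      break;
    }
    if(o + 1 < nlen)
      name[o++] = c;                   /* never write past the name buffer */
  }
  name[o] = '\0';
}

/* Returns 1 when fn splits arg into exactly (name, pass). */
static int splits_to(splitter fn, const char *arg, const char *name, const char *pass)
{
  char n[128], p[128];
  fn(arg, n, sizeof(n), p, sizeof(p));
  return strcmp(n, name) == 0 && strcmp(p, pass) == 0;
}

int main(void)
{
  /* Constructed input: the token:nickname from the report, escaped, plus a passphrase. */
  const char *arg = "MY.FULL.NAME.1234567890\\:CAC ID Certificate:pass:word";
  printf("%d\n", splits_to(split_escaped, arg,
                           "MY.FULL.NAME.1234567890:CAC ID Certificate", "pass:word"));
  return 0;
}
```

With the escaped form the passphrase may still contain colons, because only the name portion is unescaped.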
