curl-users
Problem with curl + nss
Date: Fri, 9 Jul 2010 20:39:17 +0000 (GMT)
Hello,
I have some problems using curl + nss for FTP/S on Fedora.
Versions
========
$ uname -a
Linux SNNECCI 2.6.33.5-124.fc13.i686 #1 SMP Fri Jun 11 09:48:40 UTC 2010 i686 i686 i386 GNU/Linux
$ locate libnsspem.so
/usr/lib/libnsspem.so
$ curl -V
curl 7.20.1 (i386-redhat-linux-gnu) libcurl/7.20.1 NSS/3.12.6.2 zlib/1.2.3 libidn/1.16 libssh2/1.2.4
Protocols: dict file ftp ftps http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile SSL libz
$ rpm -q curl
curl-7.20.1-2.fc13.i686
$ rpm -q nss
nss-3.12.6-7.fc13.i686
== FTP/S Fedora curl + nss with PEM certificates created with openssl ==
$ curl --netrc --list-only --ftp-ssl-reqd \
--cacert ~/PKILOCAL/cacert.pem \
--cert ~/PKILOCAL/cert.pem:motdepasse --key ~/PKILOCAL/priv.key \
ftp://localhost/
curl: (58) Unable to load client key -8178.
====
On the contrary, with an up-to-date curl from git compiled with openssl, the same command works :
== FTP/S curl from git + openssl with PEM certificates created with openssl ==
$ ./curl -V
curl 7.21.1-DEV (i686-pc-linux-gnu) libcurl/7.21.1-DEV OpenSSL/1.0.0 zlib/1.2.3
Protocols: file ftp ftps http https tftp
Features: IPv6 Largefile NTLM SSL libz
$ ./curl --netrc --list-only --ftp-ssl-reqd \
--cacert ~/PKILOCAL/cacert.pem \
--cert ~/PKILOCAL/cert.pem:motdepasse --key ~/PKILOCAL/priv.key \
ftp://localhost/
file1
====
I also tried with SSL_DIR, with no success :
== FTP/S Fedora curl + nss with a nss database (imported from openssl PEM certs) ==
$ certutil -L -d ~/nssdblocal
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
CERTLOCAL u,u,u
CALOCAL u,u,u
$ SSL_DIR=/home/eric/nssdblocal curl --netrc --list-only --ftp-ssl-reqd \
--cacert "CALOCAL" \
--cert "CERTLOCAL" \
ftp://localhost/
curl: (77) Problem with the SSL CA cert (path? access rights?)
====
I tried with an up-to-date curl from git compiled with nss, with no success.
Using certificates created directly with certutil (bundled with the nss-tools package) gave the same results.
Did I miss something ?
Eric
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-07-09