curl-users

Problem with curl + nss

From: <autrelandes-curl_at_yahoo.fr>
Date: Fri, 9 Jul 2010 20:39:17 +0000 (GMT)

Hello,

I have some problems using curl + nss for FTP/S on Fedora.

Versions
========
$ uname -a
Linux SNNECCI 2.6.33.5-124.fc13.i686 #1 SMP Fri Jun 11 09:48:40 UTC 2010 i686 i686 i386 GNU/Linux

$ locate libnsspem.so
/usr/lib/libnsspem.so

$ curl -V
curl 7.20.1 (i386-redhat-linux-gnu) libcurl/7.20.1 NSS/3.12.6.2 zlib/1.2.3 libidn/1.16 libssh2/1.2.4
Protocols: dict file ftp ftps http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile SSL libz
$ rpm -q curl
curl-7.20.1-2.fc13.i686
$ rpm -q nss
nss-3.12.6-7.fc13.i686

== FTP/S Fedora curl + nss with PEM certificates created with openssl ==
$ curl --netrc --list-only --ftp-ssl-reqd \
       --cacert ~/PKILOCAL/cacert.pem \
       --cert ~/PKILOCAL/cert.pem:motdepasse --key ~/PKILOCAL/priv.key \
       ftp://localhost/
curl: (58) Unable to load client key -8178.
====

On the contrary, with an up-to-date curl from git compiled with openssl, the same command works:
== FTP/S curl from git + openssl with PEM certificates created with openssl ==
$ ./curl -V
curl 7.21.1-DEV (i686-pc-linux-gnu) libcurl/7.21.1-DEV OpenSSL/1.0.0 zlib/1.2.3
Protocols: file ftp ftps http https tftp
Features: IPv6 Largefile NTLM SSL libz
$ ./curl --netrc --list-only --ftp-ssl-reqd \
       --cacert ~/PKILOCAL/cacert.pem \
       --cert ~/PKILOCAL/cert.pem:motdepasse --key ~/PKILOCAL/priv.key \
       ftp://localhost/
file1
====

I also tried with SSL_DIR, with no success:
== FTP/S Fedora curl + nss with a nss database (imported from openssl PEM certs) ==
$ certutil -L -d ~/nssdblocal
Certificate Nickname          Trust Attributes
                              SSL,S/MIME,JAR/XPI
CERTLOCAL                     u,u,u
CALOCAL                       u,u,u
$ SSL_DIR=/home/eric/nssdblocal curl --netrc --list-only --ftp-ssl-reqd \
            --cacert "CALOCAL" \
            --cert "CERTLOCAL" \
            ftp://localhost/
curl: (77) Problem with the SSL CA cert (path? access rights?)
====

I tried with an up-to-date curl from git compiled with nss, with no success.
Using certificates created directly with certutil (bundled with the nss-tools package) gave the same results.

Did I miss something?

Eric

      

Received on 2010-07-09