curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.


From: Daniel Stenberg via curl-users <>
Date: Wed, 24 Mar 2021 08:07:30 +0100 (CET)

On Wed, 24 Mar 2021, Vikram Darsi via curl-users wrote:

> curl --verbose -vvv -i --resolve --cacert
> ca.cer --cert ./client.cer --key client.key -H "Accept: multipart/mixed" -H
> "Content-Type: application/json" -X POST -d '{"auth-token":"CA151"
> ,"sw-version":"20.1.1"}'

1. "-vvv" doen't add more verbose, it's a boolean. -v is enough
2. "-X POST" is not helping when you use -d

> I have written a sample java program, to verify whether the server
> certificate is signed by this public-key, this test is passed. python
> requests library also confirms that the certificate is valid

I bet neither of those use NSS ?

> curl version used : curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0
> NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0

An eight year old curl with a less than one year old NSS?

This is probably rather an NSS issue and not a curl one. You can verify that
easily by for example trying a curl built with OpenSSL instead and see how
that runs.

I suspect your issue is with NSS and using PEM files. As this very old RedHat
bug hints at least, it only supports RSA [1] and maybe you're not using that?

[1] =

  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
Received on 2021-03-24